CVE-2019-1430
published 2019-11-12
CVE-2019-1430: A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who…
Priority P345 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
12.96%
95.8th percentile
A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1903_for_32-bit_systems | — | — |
| msrc | windows_10_version_1903_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1903_for_x64-based_systems | — | — |
| msrc | windows_server_version_1903 | — | — |
CVSS provenance
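| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.3 | HIGH | — |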
GHSA
GHSA-63qr-q2fr-xr46: A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files
ghsa_unreviewed·2022-05-24
CVE-2019-1430 [HIGH] GHSA-63qr-q2fr-xr46: A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files
A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsoft Windows Media Foundation Remote Code Execution Vulnerability'.
Microsoft
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
vendor_msrc·2019-11-12·CVSS 7.3
CVE-2019-1430 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker must send a specially crafted QuickTime file to a user and convince them to open it. When opened, the malicious QuickTime file will execute code of the attacker’s choice on the target system.
The security update addresses the vulnerability by ensuring Windows Media Foundatio
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
blogs_talos·2019-11-12·CVSS 7.8
[HIGH] Vulnerability Spotlight: Remote code execution vulnerability in Microsoft Media Foundation
Marcin Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
Microsoft Media Foundation’s framework contains a remote code execution vulnerability that exists due to a use-after-free condition. This specific bug lies in Media Foundation's MPEG4 DLL. An attacker could provide a user with a specially crafted QuickTime file to exploit this vulnerability. Microsoft disclosed this vulnerability in this month’s Patch Tuesday. For more on the updates here, and see the Snort rules that provide coverage here. In accordance with our coordinated disclosure policy, Cisco Talos worked with Microsoft to ensure that these issues are resolved and that an update is available for affected customers.
### Vulnerability details
Microsoft Media Foundation CMP4MetadataHandler AddQTMetadata cod
Talos
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-11-12·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, CVE-2019-1448 — a remote code execution vulnerability in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight here. We are also disclosing a remote code execution vulnerability in Microsoft Media Foundation.
Talos also released a new set of SNORT® rules that provide covera
2019-11-12
Published