CVE-2020-0883 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Windows
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents7 sources
Severity
8.8HIGHNVD
EPSS
53.0%
top 2.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 12
Latest updateMay 24
Description
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages10 packages
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-xf4v-vghx-5mf9: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo↗2022-05-24
GHSA▶
GHSA-grrr-mj2c-9265: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo↗2022-05-24
CVEList▶
CVE-2020-0883: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo↗2020-03-12
CVEList▶
CVE-2020-0881: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo↗2020-03-12
📋Vendor Advisories
1🕵️Threat Intelligence
5Qualys▶
March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches | Qualys↗2020-03-10
Tenable▶
Microsoft’s March 2020 Patch Tuesday Addresses 115 CVEs, Including 58 Elevation of Privilege Flaws↗2020-03-10
Qualys▶
March 2020 Patch Tuesday – 115 Vulns, 26 Critical, Microsoft Word and Workstation Patches↗2020-03-10