CVE-2020-1425

4 documents4 sources

Severity

7.8HIGH

EPSS

16.7%

top 5.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1709 FOR 32-bit Systems Microsoft Windows 10 Version 1709 FOR Arm64-based Systems Microsoft Windows 10 Version 1709 FOR X64-based Systems +16 more

Timeline

PublishedJul 27

Latest updateMay 24

Description

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages19 packages

▶NVDmicrosoft/windows_106 versions+5

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1803_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1809_for_32-bit_systemsunspecified

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systemsunspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fc36-5hq8-56hm: A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codec↗2022-05-24

▶

CVEList

CVE-2020-1425: A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codec↗2020-07-27

▶

📋Vendor Advisories

Microsoft

Microsoft Windows Codecs Library Remote Code Execution Vulnerability↗2020-06-09

▶