cbcvebase.
CVE-2020-1477
published 2020-08-17

CVE-2020-1477: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the…

high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

Affected

51 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_version_1507>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1607>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1709>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1709_for_32-bit_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1803>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1809>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_32-bit_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_arm64-based_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1903_for_x64-based_systems>= 10.0.0 < publicationpublication
microsoftwindows_10_version_1909>= 10.0.0 < publicationpublication
microsoftwindows_10_version_2004>= 10.0.0 < publicationpublication
microsoftwindows_7>= 6.1.0 < publicationpublication
microsoftwindows_7_service_pack_1>= 6.1.0 < publicationpublication
microsoftwindows_8.1>= 6.3.0 < publicationpublication
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.0.0 < publicationpublication
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.0 < publicationpublication
microsoftwindows_server_2008_service_pack_2>= 6.0.0 < publicationpublication