CVE-2020-1577 — Sensitive Information Exposure in Microsoft Windows 10 Version 1507

CWE-200 — Sensitive Information Exposure13 documents5 sources

Severity

6.5MEDIUMNVD

CNA7.8

EPSS

22.2%

top 4.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1709 +19 more

Timeline

PublishedAug 17

Latest updateMay 24

Description

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how DirectW…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages23 packages

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_76.1.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-25qw-9qm7-q8v7: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosu↗2022-05-24

▶

CVEList

DirectWrite Information Disclosure Vulnerability↗2020-08-17

▶

📋Vendor Advisories

Microsoft

DirectWrite Information Disclosure Vulnerability↗2020-08-11

▶

💬Community

Bugzilla

CVE-2019-13113 exiv2: invalid data location in CRW image file causing denial of service↗2019-07-10

▶

Bugzilla

CVE-2019-9143 exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service↗2019-03-01

▶

Bugzilla

CVE-2018-17229 exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp↗2018-09-24

▶

Bugzilla

CVE-2018-17230 exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp↗2018-09-24

▶

Bugzilla

CVE-2018-14338 exiv2: buffer overflow in samples/geotag.cpp↗2018-07-27

▶