CVE-2020-16968Improper Input Validation in Microsoft Windows 10 Version 1507

CWE-20Improper Input ValidationCWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
7.8HIGHNVD
EPSS
10.7%
top 6.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1709+9 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are c

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages12 packages

CVEListV5microsoft/windows_10_version_150710.0.0publication

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-4v5p-6cwv-27q5: A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory, aka 'Windows Camera Codec Pack R2022-05-24
CVEList
Windows Camera Codec Pack Remote Code Execution Vulnerability2020-10-16

📋Vendor Advisories

1
Microsoft
Windows Camera Codec Pack Remote Code Execution Vulnerability2020-10-13