CVE-2020-17022: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited…

high7.8CVSS 3.1

AVLACLPRNUIRSUCHIHAH

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10	—	—
microsoft	windows_10_version_1709	—	—
microsoft	windows_10_version_1709_for_32-bit_systems	—	—
microsoft	windows_10_version_1803	—	—
microsoft	windows_10_version_1809	—	—
microsoft	windows_10_version_1903_for_32-bit_systems	—	—
microsoft	windows_10_version_1903_for_arm64-based_systems	—	—
microsoft	windows_10_version_1903_for_x64-based_systems	—	—
microsoft	windows_10_version_1909	—	—
microsoft	windows_10_version_2004	—	—
mozilla	firefox	—	—
mozilla	thunderbird	>= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2	1:68.7.0+build1-0ubuntu0.16.04.2
msrc	windows_10_version_1709_for_32-bit_systems	—	—
msrc	windows_10_version_1709_for_arm64-based_systems	—	—
msrc	windows_10_version_1709_for_x64-based_systems	—	—
msrc	windows_10_version_1803_for_32-bit_systems	—	—
msrc	windows_10_version_1803_for_arm64-based_systems	—	—
msrc	windows_10_version_1803_for_x64-based_systems	—	—
msrc	windows_10_version_1809_for_32-bit_systems	—	—
msrc	windows_10_version_1809_for_arm64-based_systems	—	—

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

osv8.8HIGH