CVE-2020-17022

8 documents6 sources

Severity

7.8HIGH

EPSS

10.6%

top 6.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1709 Microsoft Windows 10 Version 1709 FOR 32-bit Systems Microsoft Windows 10 Version 1803 +7 more

Timeline

PublishedOct 16

Latest updateMay 24

Description

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/windows_106 versions+5

▶CVEListV5microsoft/windows_10_version_1709N/A

▶CVEListV5microsoft/windows_10_version_1803N/A

▶CVEListV5microsoft/windows_10_version_1809N/A

▶CVEListV5microsoft/windows_10_version_1909N/A

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xgh6-xj95-pp64: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs↗2022-05-24

▶

CVEList

Microsoft Windows Codecs Library Remote Code Execution Vulnerability↗2020-10-16

▶

OSV

thunderbird vulnerabilities↗2020-04-21

▶

📋Vendor Advisories

Microsoft

Microsoft Windows Codecs Library Remote Code Execution Vulnerability↗2020-10-13

▶

Mozilla

Mozilla Foundation Security Advisory 2020-04: CVE-2019-17022↗

▶

Mozilla

Mozilla Foundation Security Advisory 2020-01: CVE-2019-17022↗

▶

Mozilla

Mozilla Foundation Security Advisory 2020-02: CVE-2019-17022↗

▶