CVE-2020-17105
published 2020-11-11CVE-2020-17105: AV1 Video Extension Remote Code Execution Vulnerability
PriorityP259critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.41%
87.4th percentile
AV1 Video Extension Remote Code Execution Vulnerability
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | av1_video_extension | — | — |
| msrc | av1_video_extension | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Check installed AV1 Video Extension package version; versions prior to 1.1.32442.0 are vulnerable ↗
- →Use PowerShell to enumerate the AV1 Video Extension package and verify patched version is installed ↗
- ·Only systems with the AV1 Video Extension installed from the Microsoft Store are vulnerable; default Windows installations without this app are not affected ↗
- ·Customers who have disabled automatic Microsoft Store updates will not receive the patch automatically and must update manually ↗
- ·Disconnected/enterprise environments using Microsoft Store for Business or Education must obtain the update through their organization ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7gvq-27cc-h479: AV1 Video Extension Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2020-17105 [CRITICAL] GHSA-7gvq-27cc-h479: AV1 Video Extension Remote Code Execution Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
Microsoft
AV1 Video Extension Remote Code Execution Vulnerability
vendor_msrc·2020-11-10·CVSS 7.8
CVE-2020-17105 [HIGH] AV1 Video Extension Remote Code Execution Vulnerability
AV1 Video Extension Remote Code Execution Vulnerability
FAQ: Is Windows vulnerable in the default configuration?
No. Only customers who have installed this app from the Microsoft Store may be vulnerable.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.
My system is in a disconnected environment; is it vulnerable?
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package ver
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-11-11
Published