CVE-2021-36937
published 2021-08-12CVE-2021-36937: Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Affected
45 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19022 | 10.0.10240.19022 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4583 | 10.0.14393.4583 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2114 | 10.0.17763.2114 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1734 | 10.0.18363.1734 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1165 | 10.0.19041.1165 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1165 | 10.0.19042.1165 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1165 | 10.0.19043.1165 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25685 | 6.1.7601.25685 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21192 | 6.0.6003.21192 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23435 | 6.2.9200.23435 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20094 | 6.3.9600.20094 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
GHSA
GHSA-m743-3wjh-838g: Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-36937 [HIGH] GHSA-m743-3wjh-838g: Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Microsoft
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
vendor_msrc·2021-08-10·CVSS 7.8
CVE-2021-36937 [HIGH] Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability
Microsoft Windows Codecs Library: Microsoft Windows Codecs Library
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030
Reference: https://support.microsoft.com/help/5005030
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005031
Reference: https://support.microsoft.com/help/5005031
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005033
Reference: https://support.microsoft.com/help/5005033
Reference: https://catalog.update.microsof
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
blogs_qualys·2021-08-10·CVSS 7.0
CVE-2021-36942 [HIGH] Microsoft and Adobe Patch Tuesday (August 2021) – Microsoft 51 Vulnerabilities with 7 Critical, Adobe 29 Vulnerabilities
## Microsoft Patch Tuesday – August 2021
Microsoft patched 51 vulnerabilities in their August 2021 Patch Tuesday release, and 7 of them are rated as critical severity. Three 0-day vulnerability patches were included in the release.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-36942 – Windows LSA Spoofing Vulnerability
An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. A malicious user can use this attack to take complete control over windows domain Per Microsoft, this vulnerability affects all servers, but domain controllers should be prioritized in terms of applying security updates.
CVE-2021-34481 – Windows Print Spooler Remote Code Execution Vulnerability
A remote cod
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2021 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Crowdstrike
August 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2021-08-12
Published