Security News > 2020 > July > Windows Codecs Library Vulnerabilities Allow Remote Code Execution

Windows Codecs Library Vulnerabilities Allow Remote Code Execution
2020-07-01 08:20

Microsoft on Tuesday published advisories to provide details on two remote code execution vulnerabilities addressed in the Windows Codecs Library.

Both of these vulnerabilities are related to the manner in which the affected Windows component handles objects in memory and both feature a CVSS score of 7.3.

In the advisory published for the second security issue, which is tracked as CVE-2020-1457, Microsoft notes that successful exploitation would result in arbitrary code execution.

To address the security issues, Microsoft corrected Windows Codecs Library's in-memory object handling.

The flaws were found to impact Windows 10 versions 1709, 1803, 1809, 1903, 1909, and 2004, for 32-bit, 64-bit, and ARM64-based systems, as well as Windows Server 2019, and Windows Server versions 1709, 1903 and 2004.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/y6One6Vp-Ko/windows-codecs-library-vulnerabilities-allow-remote-code-execution

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-07-27 CVE-2020-1457 Out-of-bounds Write vulnerability in Microsoft Windows 10
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.
local
low complexity
microsoft CWE-787
7.8