CVE-2020-1574
medium
CVSS v3
5.5
CVSS v4 NEW
โ
VIR risk
5.5
Description
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
Predictions
Exploit likelihood
55%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Microsoft Security Response Center ยท View original โ ยท proprietary-no-redistribution
Full prose not cached โ VIR stores only structured fields (affected/fixed versions, references) for this source. Click "View original" above for the vendor's full advisory.
Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | Windows 7 for 32-bit Systems Service Pack 1 | |
| microsoft | Windows 7 for x64-based Systems Service Pack 1 | |
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | |
| microsoft | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | |
| microsoft | Microsoft SharePoint Server 2010 Service Pack 2 | |
| microsoft | Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | |
| microsoft | Internet Explorer 9 on Windows Server 2008 for 32-bit Systems Service Pack 2 | |
| microsoft | Internet Explorer 9 on Windows Server 2008 for x64-based Systems Service Pack 2 | |
| microsoft | Windows Server 2012 | |
| microsoft | Windows Server 2012 (Server Core installation) | |
| microsoft | Microsoft Outlook 2013 RT Service Pack 1 | |
| microsoft | Windows 8.1 for 32-bit systems | |
| microsoft | Windows 8.1 for x64-based systems | |
| microsoft | Windows Server 2012 R2 | |
| microsoft | Windows RT 8.1 | |
| microsoft | Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 | |
| microsoft | Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 | |
| microsoft | Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | |
| microsoft | Internet Explorer 11 on Windows Server 2012 | |
| microsoft | Internet Explorer 11 on Windows 8.1 for 32-bit systems | |
| microsoft | Internet Explorer 11 on Windows 8.1 for x64-based systems | |
| microsoft | Internet Explorer 11 on Windows Server 2012 R2 | |
| microsoft | Internet Explorer 11 on Windows RT 8.1 | |
| microsoft | Internet Explorer 11 on Windows 10 for 32-bit Systems | |
| microsoft | Internet Explorer 11 on Windows 10 for x64-based Systems | |
| microsoft | Internet Explorer 11 on Windows Server 2016 | |
| microsoft | Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | |
| microsoft | Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | |
| microsoft | Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems | |
| microsoft | Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems | |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| windows | 1909 | affected | |
| windows | 2004 | affected | |
References
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.