CVE-2020-0820

Опубликовано: 10 мар. 2020

Источник: msrc

CVSS3: 5.5

EPSS Низкий

Описание

Media Foundation Information Disclosure Vulnerability

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.

The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.

Обновления

Продукт	Статья	Обновление
Windows 10 for 32-bit Systems	4540693	Security Update
Windows 10 for x64-based Systems	4540693	Security Update
Windows Server 2016	4540670	Security Update
Windows 10 Version 1607 for 32-bit Systems	4540670	Security Update
Windows 10 Version 1607 for x64-based Systems	4540670	Security Update
Windows Server 2016 (Server Core installation)	4540670	Security Update
Windows 10 Version 1709 for 32-bit Systems	4540681	Security Update
Windows 10 Version 1709 for x64-based Systems	4540681	Security Update
Windows 10 Version 1803 for 32-bit Systems	4540689	Security Update
Windows 10 Version 1803 for x64-based Systems	4540689	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 76%

0.00996

Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-0820

CVSS3: 5.5

nvd

больше 5 лет назад

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

GHSA-4hc5-44q4-8h74

github

больше 3 лет назад

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

BDU:2020-01202

CVSS3: 5.5

fstec

больше 5 лет назад

Уязвимость компонента Media Foundation операционных систем Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 76%

0.00996

Низкий

5.5 Medium

CVSS3