CVE-2020-1593

Опубликовано: 08 сент. 2020

Источник: msrc

CVSS3: 7.6

EPSS Низкий

Описание

Windows Media Audio Decoder Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	4577064 4577070	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4577064 4577070	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4577064 4577070	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4577051 4577053	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4577051 4577053	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4577051 4577053	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4577051 4577053	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4577064 4577070	Monthly Rollup Security Only
Windows Server 2012	4577038 4577048	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	4577038 4577048	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 81%

0.01653

Низкий

7.6 High

CVSS3

Связанные уязвимости

CVE-2020-1593

CVSS3: 7.6

nvd

почти 5 лет назад

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Audio Decoder handles objects.

GHSA-xrqx-j38x-m6pj

CVSS3: 7.6

github

около 3 лет назад

A remote code execution vulnerability exists when Windows Media Audio Decoder improperly handles objects, aka 'Windows Media Audio Decoder Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1508.

BDU:2020-04579

CVSS3: 7.6

fstec

почти 5 лет назад

Уязвимость аудикодера Windows Media Player операционной системы Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 81%

0.01653

Низкий

7.6 High

CVSS3