Описание
VP9 Video Extensions Information Disclosure Vulnerability
FAQ
What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
How do I get the updated app?
The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.
My system is in a disconnected environment; is it vulnerable?
It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. VLSC customers can visit the Volume Licensing Servicing Center to get the update https://www.microsoft.com/Licensing/servicecenter/.
Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.
How can I check if the update is installed?
App package versions 1.0.61591.0 and later contain this update.
You can check the package version in PowerShell: Get-AppxPackage -Name Microsoft.VP9VideoExtensions
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
An attacker must send the user a malicious file and convince them to open it.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
VP9 Video Extensions Information Disclosure Vulnerability
VP9 Video Extensions Information Disclosure Vulnerability
Уязвимость пакета расширений для сжатия видео VP9 Video Extensions, связанная с недостаточной защитой служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.5 Medium
CVSS3