CVE-2020-16915

Опубликовано: 16 окт. 2020

Источник: nvd

CVSS3: 7.8

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.

The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

Ссылки

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16915
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1257/
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16915
Patch
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-20-1257/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.06667

Низкий

7.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2020-16915

CVSS3: 7.8

msrc

почти 5 лет назад

Media Foundation Memory Corruption Vulnerability

GHSA-j2mp-wxpv-6jr8

CVSS3: 7.8

github

около 3 лет назад

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

BDU:2020-05455

CVSS3: 8.8

fstec

почти 5 лет назад

Уязвимость компонента HEVC мультимедийного плеера Microsoft Windows Media Player операционных систем Windows, позволяющая нарушителю выполнить произвольный код

BDU:2020-04821

CVSS3: 7.8

fstec

почти 5 лет назад

Уязвимость компонента Media Foundation операционных систем Windows, позволяющая нарушителю получить доступ на модификацию данных

EPSS

Процентиль: 91%

0.06667

Низкий

7.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-787