CVE-2020-17022

Summary

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>

Affected Software

VendorProductVersion RangeStatus
MicrosoftWindows 10 Version 1803N/Aaffected
MicrosoftWindows 10 Version 1809N/Aaffected
MicrosoftWindows 10 Version 1909N/Aaffected
MicrosoftWindows 10 Version 1709 for 32-bit SystemsN/Aaffected
MicrosoftWindows 10 Version 1709N/Aaffected
MicrosoftWindows 10 Version 1903 for 32-bit SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for x64-based SystemsN/Aaffected
MicrosoftWindows 10 Version 1903 for ARM64-based SystemsN/Aaffected
MicrosoftWindows 10 Version 2004N/Aaffected

Weaknesses

  • Remote Code Execution

ADP Enrichment

CVE Program Container

Additional References

References