CVE-2020-1319 HIGH

CVE-2020-1319: Microsoft Windows Codecs Library Remote Code Execution Vulnerability

Vendor Microsoft
Product Windows 10 Version 1803
Published September 11, 2020
Last update August 4, 2024

CVSS base score

7.3/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

What the vulnerability does

01Description

<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>

Key dates

02Disclosure timeline

September 11, 2020 CVE published
August 4, 2024 Record updated