{"containers": {"cna": {"title": "Microsoft Windows Codecs Library Remote Code Execution Vulnerability", "datePublic": "2020-10-15T07:00:00.000Z", "affected": [{"vendor": "Microsoft", "product": "Windows 10 Version 1803", "cpes": [], "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1809", "cpes": [], "platforms": ["32-bit Systems", "x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1909", "cpes": [], "platforms": ["x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1709 for 32-bit Systems", "cpes": [], "platforms": ["32-bit Systems"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1709", "cpes": [], "platforms": ["x64-based Systems", "ARM64-based Systems"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1903 for 32-bit Systems", "cpes": [], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1903 for x64-based Systems", "cpes": [], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 1903 for ARM64-based Systems", "cpes": [], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows 10 Version 2004", "cpes": [], "platforms": ["32-bit Systems", "ARM64-based Systems", "x64-based Systems"], "versions": [{"version": "N/A", "status": "affected"}]}], "descriptions": [{"value": "<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p>\n<p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p>\n<p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2023-12-31T19:20:02.348Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:45:34.874Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2020-17022", "datePublished": "2020-10-16T22:18:12.000Z", "dateReserved": "2020-08-04T00:00:00.000Z", "dateUpdated": "2024-08-04T13:45:34.874Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*", "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*", "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*", "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p>\n<p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p>\n<p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>"}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en la manera en que Microsoft Windows Codecs Library maneja objetos en memoria, tambi\u00e9n se conoce como \"Microsoft Windows Codecs Library Remote Code Execution Vulnerability\""}], "id": "CVE-2020-17022", "lastModified": "2026-02-23T18:21:42.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2020-10-16T23:15:17.400", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}