Information disclosure

2020-08-1719:15:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.6%

JSON

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.

CPENameOperatorVersion
windows_10eq1607
windows_10eq1709
windows_10eq1803
windows_10eq1809
windows_10eq1903
windows_10eq1909
windows_10eq2004
windows_server_2012eq2.0.114
windows_server_2016eq1903
windows_server_2016eq1909

Name	Operator	Version
windows_10	eq	1607
windows_10	eq	1709
windows_10	eq	1803
windows_10	eq	1809
windows_10	eq	1903
windows_10	eq	1909
windows_10	eq	2004
windows_server_2012	eq	2.0.114
windows_server_2016	eq	1903
windows_server_2016	eq	1909