Description
<p>A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.</p> <p>Exploitation of the vulnerability requires that a program process a specially crafted image file.</p> <p>The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.</p>
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Physical
RL
O
RC
Changed
Affected products
- Microsoft / Windows 10 Version 1709N/A – N/A
- Microsoft / Windows 10 Version 1709 for 32-bit SystemsN/A – N/A
- Microsoft / Windows 10 Version 1803N/A – N/A
- Microsoft / Windows 10 Version 1809N/A – N/A
- Microsoft / Windows 10 Version 1903 for 32-bit SystemsN/A – N/A
- Microsoft / Windows 10 Version 1903 for ARM64-based SystemsN/A – N/A
- Microsoft / Windows 10 Version 1903 for x64-based SystemsN/A – N/A
- Microsoft / Windows 10 Version 1909N/A – N/A
- Microsoft / Windows 10 Version 2004N/A – N/A