Microsoft Windows Codecs Library Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

N/A

Microsoft Windows Codecs Library 缓冲区错误漏洞

Microsoft Windows是美国微软（Microsoft）公司的一套个人设备使用的操作系统。Windows Codecs Library是其中的一个音频、视频编解码器。 Microsoft Windows Codecs Library中存在远程代码执行漏洞，该漏洞源于程序没有正确处理内存中的对象。攻击者可借助特制文件利用该漏洞获取信息，进一步入侵用户系统。以下产品及版本受到影响：Microsoft Windows 10 1709版本，Windows 10 1803版本，Windows 10 180

N/A

N/A