Lucene search

[email protected]NVD:CVE-2020-1487

HistoryAug 17, 2020 - 7:15 p.m.

CVE-2020-1487

2020-08-1719:15:15

[email protected]

web.nvd.nist.gov

cve-2020-1487

information disclosure

media foundation

memory handling

exploitation

web-based attack

specially crafted file

vulnerability correction

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.
The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.

Affected configurations

Nvd

Node

microsoftwindows_10Match-

microsoftwindows_10Match1607

microsoftwindows_10Match1709

microsoftwindows_10Match1803

microsoftwindows_10Match1809

microsoftwindows_10Match1903

microsoftwindows_10Match1909

microsoftwindows_10Match2004

microsoftwindows_8.1Match-

microsoftwindows_rt_8.1Match-

microsoftwindows_server_2012Matchr2

microsoftwindows_server_2016Match-

microsoftwindows_server_2016Match1903

microsoftwindows_server_2016Match1909

microsoftwindows_server_2016Match2004

microsoftwindows_server_2019Match-

VendorProductVersionCPE
microsoftwindows_10-cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
microsoftwindows_101607cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
microsoftwindows_101709cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
microsoftwindows_101803cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
microsoftwindows_101809cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
microsoftwindows_101903cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
microsoftwindows_101909cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
microsoftwindows_102004cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
microsoftwindows_8.1-cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
microsoftwindows_rt_8.1-cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10	-	cpe:2.3:o:microsoft:windows_10:-:::::::*
microsoft	windows_10	1607	cpe:2.3:o:microsoft:windows_10:1607:::::::*
microsoft	windows_10	1709	cpe:2.3:o:microsoft:windows_10:1709:::::::*
microsoft	windows_10	1803	cpe:2.3:o:microsoft:windows_10:1803:::::::*
microsoft	windows_10	1809	cpe:2.3:o:microsoft:windows_10:1809:::::::*
microsoft	windows_10	1903	cpe:2.3:o:microsoft:windows_10:1903:::::::*
microsoft	windows_10	1909	cpe:2.3:o:microsoft:windows_10:1909:::::::*
microsoft	windows_10	2004	cpe:2.3:o:microsoft:windows_10:2004:::::::*
microsoft	windows_8.1	-	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
microsoft	windows_rt_8.1	-	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*