Lucene search
AnonymousZDI-20-647HistoryMay 12, 2020 - 12:00 a.m.
Microsoft Windows EMF EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Information Disclosure Vulnerability
2020-05-1200:00:00
Anonymous
www.zerodayinitiative.com
4
0.001 Low
EPSS
Percentile
31.6%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of EMF images in gdi32full.dll. A crafted EMR_SETDIBITSTODEVICE record in an EMF image can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Related
mscve
mscve
Microsoft Graphics Component Information Disclosure Vulnerability
2020-04-14 07:00:00
zdi
zdi
prion
prion
Information disclosure
2020-04-15 15:15:00
Information disclosure
2020-04-15 15:15:00
Information disclosure
2020-04-15 15:15:00
nvd
nvd
cve
cve
cvelist
cvelist
mskb
mskb
April 14, 2020âKB4550957 (Security-only update)
2020-04-14 07:00:00
April 14, 2020âKB4550965 (Security-only update)
2020-04-14 07:00:00
April 14, 2020âKB4550970 (Security-only update)
2020-04-14 07:00:00
nessus
nessus
KB4550957: Windows Server 2008 April 2020 Security Update
2020-04-14 00:00:00
KB4550970: Windows 8.1 and Windows Server 2012 R2 April 2020 Security Update
2020-04-14 00:00:00
KB4550971: Windows Server 2012 April 2020 Security Update
2020-04-14 00:00:00
kaspersky
kaspersky
KLA11743 Multiple vulnerabilities in Microsoft products (ESU)
2020-04-14 00:00:00
KLA11744 Multiple vulnerabilities in Microsoft Windows
2020-04-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4550964)
2020-04-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4550961)
2020-04-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4550930)
2020-04-15 00:00:00
avleonov
avleonov