Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAbdul-Aziz Hariri of Trend Micro Zero Day InitiativeZDI-20-819
HistoryJul 08, 2020 - 12:00 a.m.

Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

2020-07-0800:00:00
Abdul-Aziz Hariri of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
16

0.01 Low

EPSS

Percentile

83.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HEIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process.

Related

mscve 1
trendmicroblog 1
zdi 6
nessus 1
prion 2
cvelist 2
attackerkb 1
nvd 2
cisa 1
openvas 1
threatpost 1
thn 1
kaspersky 1
cve 2
securelist 1
mscve
mscve
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
2020-06-30 07:00:00
trendmicroblog
trendmicroblog
This Week in Security News: Payment Card Skimmer Attacks Hit 8 Cities and Survey Finds 72% of Remote Workers Have Gained Cybersecurity Awareness During Lockdown
2020-07-03 07:20:05
zdi
zdi
Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2020-07-07 00:00:00
Microsoft Windows hevcdecoder_store HEIC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2020-07-08 00:00:00
Microsoft Windows hevcdecoder_store MKV File Parsing Use-After-Free Remote Code Execution Vulnerability
2020-07-07 00:00:00
nessus
nessus
Microsoft Windows Codecs Library Multiple Vulnerabilities (June 2020)
2020-07-02 00:00:00
prion
prion
Remote code execution
2020-07-27 19:15:00
Remote code execution
2020-07-27 19:15:00
cvelist
cvelist
CVE-2020-1425
2020-07-27 18:50:12
CVE-2020-1457
2020-07-27 18:50:13
attackerkb
attackerkb
CVE-2020-1425 - Windows Codecs Library RCE
2020-07-03 00:00:00
nvd
nvd
CVE-2020-1425
2020-07-27 19:15:14
CVE-2020-1457
2020-07-27 19:15:14
cisa
cisa
Microsoft Releases Security Updates for Windows 10, Windows Server
2020-07-01 00:00:00
openvas
openvas
Microsoft Windows Codecs Library Multiple RCE Vulnerabilities
2020-07-02 00:00:00
threatpost
threatpost
Microsoft Releases Emergency Security Updates for Windows 10, Server
2020-07-01 12:39:29
thn
thn
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
2020-07-01 12:25:00
kaspersky
kaspersky
KLA11826 ACE vulnerabilities in Microsoft Windows
2020-06-30 00:00:00
cve
cve
CVE-2020-1457
2020-07-27 19:15:14
CVE-2020-1425
2020-07-27 19:15:14
securelist
securelist
IT threat evolution Q2 2020. PC statistics
2020-09-03 10:30:23

0.01 Low

EPSS

Percentile

83.5%

JSON
Related for ZDI-20-819
mscve1trendmicroblog1zdi6nessus1prion2cvelist2attackerkb1nvd2cisa1openvas1threatpost1thn1kaspersky1cve2securelist1