Home

CVE-2020-1492

Description

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
15.0

Associated Vulnerability

VulnerabilityOS Platform
Netlogon Elevation of Privilege Vulnerability for Windows 8.1 for x64-based Systems (KB4571723)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4571723)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 8.1 for x86-based Systems (KB4571723)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 2004 for x86-based Systems (KB4566782)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server, version 2004 for x64-based Systems (KB4566782)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 2004 for x64-based Systems (KB4566782)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x86-based Systems (KB4571741)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1709 for x64-based Systems (KB4571741)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x86-based Systems (KB4565349)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1809 for x64-based Systems (KB4565349)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server 2019 for x64-based Systems (KB4565349)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1607 for x64-based Systems (KB4571694)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1607 for x86-based Systems (KB4571694)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server 2016 for x64-based Systems (KB4571694)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 8.1 for x64-based Systems (KB4571703)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server 2012 R2 for x64-based Systems (KB4571703)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 8.1 for x86-based Systems (KB4571703)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x64-based Systems (KB4571709)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1803 for x86-based Systems (KB4571709)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1507 for x64-based Systems (KB4571692)Windows
Windows GDI Elevation of Privilege Vulnerability for Windows 10 Version 1507 for x86-based Systems (KB4571692)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1909 for x64-based Systems (KB4565351)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1903 for x64-based Systems (KB4565351)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server, version 1903 for x64-based Systems (KB4565351)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1909 for x86-based Systems (KB4565351)Windows
Netlogon Elevation of Privilege Vulnerability for Windows Server, version 1909 for x64-based Systems (KB4565351)Windows
Netlogon Elevation of Privilege Vulnerability for Windows 10 Version 1903 for x86-based Systems (KB4565351)Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-294722020-08 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4571723) (CVE-2020-1464) (CVE-2020-1472)
PATCH-294732020-08 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4571723) (CVE-2020-1464) (CVE-2020-1472)
PATCH-294742020-08 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4571723) (CVE-2020-1464) (CVE-2020-1472)
PATCH-295022020-08 Cumulative Update for Windows 10 Version 2004 for x86-based Systems (KB4566782) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295032020-08 Cumulative Update for Windows Server, version 2004 for x64-based Systems (KB4566782) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295042020-08 Cumulative Update for Windows 10 Version 2004 for x64-based Systems (KB4566782) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294982020-08 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4571741) (CVE-2020-1464) (CVE-2020-1380)
PATCH-294992020-08 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4571741) (CVE-2020-1464) (CVE-2020-1380)
PATCH-294952020-08 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4565349) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294962020-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4565349) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294972020-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4565349) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295052020-08 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4571694) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295062020-08 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4571694) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295072020-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4571694) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294762020-08 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4571703) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294772020-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4571703) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294782020-08 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4571703) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-295002020-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4571709) (CVE-2020-1464) (CVE-2020-1380)
PATCH-295012020-08 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4571709) (CVE-2020-1464) (CVE-2020-1380)
PATCH-295082020-08 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4571692) (CVE-2020-1464) (CVE-2020-1380)
PATCH-295092020-08 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4571692) (CVE-2020-1464) (CVE-2020-1380)
PATCH-294892020-08 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294902020-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294912020-08 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294922020-08 Cumulative Update for Windows 10 Version 1909 for x86-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294932020-08 Cumulative Update for Windows Server, version 1909 for x64-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)
PATCH-294942020-08 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4565351) (CVE-2020-1464) (CVE-2020-1380) (CVE-2020-1472)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234