安全研究
安全漏洞
Microsoft Windows Codecs Library远程代码执行漏洞(CVE-2020-17022)
发布日期:2020-10-16
更新日期:2020-10-27
受影响系统:
Microsoft Windows 10 Version 2004 for x64-based Sys描述:
Microsoft Windows 10 Version 2004 for ARM64-based S
Microsoft Windows 10 Version 2004 for 32-bit System
Microsoft Windows 10 Version 1909 for x64-based Sys
Microsoft Windows 10 Version 1909 for ARM64-based S
Microsoft Windows 10 Version 1909 for 32-bit System
Microsoft Windows 10 Version 1903 for x64-based Sys
Microsoft Windows 10 Version 1903 for ARM64-based S
Microsoft Windows 10 Version 1903 for 32-bit System
Microsoft Windows 10 Version 1809 for x64-based Sys
Microsoft Windows 10 Version 1809 for ARM64-based S
Microsoft Windows 10 Version 1809 for 32-bit System
Microsoft Windows 10 Version 1803 for x64-based Sys
Microsoft Windows 10 Version 1803 for ARM64-based S
Microsoft Windows 10 Version 1803 for 32-bit System
Microsoft Windows 10 Version 1709 for x64-based Sys
Microsoft Windows 10 Version 1709 for ARM64-based S
Microsoft Windows 10 Version 1709 for 32-bit System
CVE(CAN) ID: CVE-2020-17022
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。
Windows Codecs Library存在远程代码执行漏洞。该漏洞源于程序未对内存中的对象进行正确处理。攻击者可通过特制图片文件利用该漏洞执行任意代码。以下版本及产品受到影响:Windows 10 Version 1803 for 32-bit Systems、Windows 10 Version 1803 for ARM64-based Systems、Windows 10 Version 1903 for x64-based Systems、Windows 10 Version 1809 for x64-based Systems、Windows 10 Version 1903 for 32-bit Systems、Windows 10 Version 1803 for x64-based Systems、Windows 10 Version 2004 for 32-bit Systems、Windows 10 Version 2004 for ARM64-based Systems、Windows 10 Version 1709 for x64-based Systems、Windows 10 Version 1809 for 32-bit Systems、Windows 10 Version 1909 for ARM64-based Systems、Windows 10 Version 2004 for x64-based Systems、Windows 10 Version 1809 for ARM64-based Systems、Windows 10 Version 1709 for 32-bit Systems、Windows 10 Version 1909 for x64-based Systems、Windows 10 Version 1709 for ARM64-based Systems、Windows 10 Version 1903 for ARM64-based Systems版本。
<*来源:Dhanesh Kizhakkinan(FireEye Inc)
*>
建议:
厂商补丁:
Microsoft
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022
浏览次数:970
严重程度:0(网友投票)
绿盟科技给您安全的保障