cnvd - cnvd-2021-22183

cnvd-2021-22183

Vulnerability from cnvd

Title

Microsoft Media Foundation内存损坏漏洞

Description

Media Foundation是微软在Windows Vista上推出的新一代多媒体应用库，目的是提供Windows平台一个统一的多媒体影音解决方案，开发者可以通过Media Foundation播放视频或声音文件、进行多媒体文件格式转码，或者将一连串图片编码为视频等等。 Microsoft Media Foundation内存损坏漏洞,目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Microsoft Media Foundation内存损坏漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1238

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-1238

Impacted products

Name
['Microsoft Windows Server 2019', 'Microsoft Windows Server 2016 1803', 'Microsoft Windows 10 1709', 'Microsoft Windows 10 1803', 'Microsoft Windows 10 1809', 'Microsoft Windows 10 1903', 'Microsoft Windows 10 1909', 'Microsoft Windows Server 2016 1903', 'Microsoft Windows Server 2016 1909', 'Microsoft Windows Server 2016 2004', 'Microsoft Windows 10 2004']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-1238"
    }
  },
  "description": "Media Foundation\u662f\u5fae\u8f6f\u5728Windows Vista\u4e0a\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u591a\u5a92\u4f53\u5e94\u7528\u5e93\uff0c\u76ee\u7684\u662f\u63d0\u4f9bWindows\u5e73\u53f0\u4e00\u4e2a\u7edf\u4e00\u7684\u591a\u5a92\u4f53\u5f71\u97f3\u89e3\u51b3\u65b9\u6848\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7Media Foundation\u64ad\u653e\u89c6\u9891\u6216\u58f0\u97f3\u6587\u4ef6\u3001\u8fdb\u884c\u591a\u5a92\u4f53\u6587\u4ef6\u683c\u5f0f\u8f6c\u7801\uff0c\u6216\u8005\u5c06\u4e00\u8fde\u4e32\u56fe\u7247\u7f16\u7801\u4e3a\u89c6\u9891\u7b49\u7b49\u3002\n\nMicrosoft Media Foundation\u5185\u5b58\u635f\u574f\u6f0f\u6d1e,\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1238",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-22183",
  "openTime": "2021-03-25",
  "patchDescription": "Media Foundation\u662f\u5fae\u8f6f\u5728Windows Vista\u4e0a\u63a8\u51fa\u7684\u65b0\u4e00\u4ee3\u591a\u5a92\u4f53\u5e94\u7528\u5e93\uff0c\u76ee\u7684\u662f\u63d0\u4f9bWindows\u5e73\u53f0\u4e00\u4e2a\u7edf\u4e00\u7684\u591a\u5a92\u4f53\u5f71\u97f3\u89e3\u51b3\u65b9\u6848\uff0c\u5f00\u53d1\u8005\u53ef\u4ee5\u901a\u8fc7Media Foundation\u64ad\u653e\u89c6\u9891\u6216\u58f0\u97f3\u6587\u4ef6\u3001\u8fdb\u884c\u591a\u5a92\u4f53\u6587\u4ef6\u683c\u5f0f\u8f6c\u7801\uff0c\u6216\u8005\u5c06\u4e00\u8fde\u4e32\u56fe\u7247\u7f16\u7801\u4e3a\u89c6\u9891\u7b49\u7b49\u3002\r\n\r\nMicrosoft Media Foundation\u5185\u5b58\u635f\u574f\u6f0f\u6d1e,\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Media Foundation\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Windows Server 2019",
      "Microsoft Windows Server 2016 1803",
      "Microsoft Windows 10 1709",
      "Microsoft Windows 10 1803",
      "Microsoft Windows 10 1809",
      "Microsoft Windows 10 1903",
      "Microsoft Windows 10 1909",
      "Microsoft Windows Server 2016 1903",
      "Microsoft Windows Server 2016 1909",
      "Microsoft Windows Server 2016 2004",
      "Microsoft Windows 10 2004"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-1238",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-10",
  "title": "Microsoft Media Foundation\u5185\u5b58\u635f\u574f\u6f0f\u6d1e"
}

CVE-2020-1238 (GCVE-0-2020-1238)

Vulnerability from cvelistv5

Published

2020-06-09 19:43

Modified

2024-08-04 06:31

Severity ?

CWE

Remote Code Execution

Summary

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1239.

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1238	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-20-696/	x_refsource_MISC
	https://www.zerodayinitiative.com/advisories/ZDI-20-695/	x_refsource_MISC

Impacted products

Vendor

Product

Version

Microsoft

Windows

Version: 10 Version 1803 for 32-bit Systems
Version: 10 Version 1803 for x64-based Systems
Version: 10 Version 1803 for ARM64-based Systems
Version: 10 Version 1809 for 32-bit Systems
Version: 10 Version 1809 for x64-based Systems
Version: 10 Version 1809 for ARM64-based Systems
Version: 10 Version 1709 for 32-bit Systems
Version: 10 Version 1709 for x64-based Systems
Version: 10 Version 1709 for ARM64-based Systems

Microsoft	Windows Server	Version: version 1803 (Core Installation) Version: 2019 Version: 2019 (Core installation)
Microsoft	Windows 10 Version 1909 for 32-bit Systems	Version: unspecified
Microsoft	Windows 10 Version 1909 for x64-based Systems	Version: unspecified
Microsoft	Windows 10 Version 1909 for ARM64-based Systems	Version: unspecified
Microsoft	Windows Server, version 1909 (Server Core installation)	Version: unspecified
Microsoft	Windows 10 Version 1903 for 32-bit Systems	Version: unspecified
Microsoft	Windows 10 Version 1903 for x64-based Systems	Version: unspecified
Microsoft	Windows 10 Version 1903 for ARM64-based Systems	Version: unspecified
Microsoft	Windows Server, version 1903 (Server Core installation)	Version: unspecified
Microsoft	Windows 10 Version 2004 for ARM64-based Systems	Version: unspecified
Microsoft	Windows Server, version 2004 (Server Core installation)	Version: unspecified
Microsoft	Windows 10 Version 2004 for 32-bit Systems	Version: unspecified

Show details on NVD website