CVE-2020-1574
MEDIUMMicrosoft Windows 10 - Remote Code Execution via Crafted Image File
Title source: llmDescription
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574
Scores
CVSS v3
5.5
EPSS
0.0259
EPSS Percentile
83.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-119
Status
published
Products (4)
Microsoft/Windows 10 Version 1909
Microsoft/Windows 10 Version 2004
microsoft/windows_10
1909
microsoft/windows_10
2004
Published
Aug 17, 2020
Tracked Since
Feb 18, 2026