CVE-2020-1167

<p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:09

Type Values Removed Values Added
References () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167 - Patch, Vendor Advisory () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1167 - Patch, Vendor Advisory
References () https://www.zerodayinitiative.com/advisories/ZDI-20-1247/ - Third Party Advisory () https://www.zerodayinitiative.com/advisories/ZDI-20-1247/ - Third Party Advisory

31 Dec 2023, 20:16

Type Values Removed Values Added
Summary A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16923. <p>A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.</p> <p>To exploit the vulnerability, a user would have to open a specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Graphics Components handle objects in memory.</p>

Information

Published : 2020-10-16 23:15

Updated : 2024-11-21 05:09


NVD link : CVE-2020-1167

Mitre link : CVE-2020-1167

CVE.ORG link : CVE-2020-1167


JSON object : View

Products Affected

microsoft

  • windows_server_2019
  • windows_10
  • windows_server_2016
CWE
CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write