Microsoft has released fixes for two remote code execution (RCE) vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
The vulnerabilities
Both flaws – CVE-2020-1425 and CVE-2020-1457 – arose because of the way the Microsoft Windows Codecs Library handled objects in memory.
CVE-2020-1425 could allow attackers to obtain information to further compromise the user’s system, and CVE-2020-1457 would allow them to execute arbitrary code, all by tricking users into opening an image file.
“To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image file, like a JPG or TIFF or PNG, and convince the targeted victim t ..
Support the originator by clicking the read the rest link below.