目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2020-1525— Microsoft Media Foundation 缓冲区错误漏洞

CVSS 7.8 · High EPSS 2.85% · P85
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2020-1525 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Media Foundation Memory Corruption Vulnerability
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage. The security update addresses the vulnerability by correcting how Windows Media Foundation handles objects in memory.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Microsoft Media Foundation 缓冲区错误漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Microsoft Windows和Microsoft Windows Server都是美国微软(Microsoft)公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Media Foundation是其中的一个多媒体应用库。 Microsoft Media Foundation中存在安全漏洞,该漏洞源于程序没有正确处理内存中的对象。攻击者可利用该漏洞安装程序;查看、更改或删除数据;或者创建拥有全部用户权限的新
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
MicrosoftWindows 10 Version 2004 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
MicrosoftWindows Server version 2004 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1803 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
MicrosoftWindows 10 Version 1809 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2019 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
MicrosoftWindows Server 2019 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1909 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
MicrosoftWindows Server, version 1909 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1709 for 32-bit Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1709 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for 32-bit Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for x64-based Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for ARM64-based Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows Server, version 1903 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1507 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
MicrosoftWindows 10 Version 1607 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2016 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
MicrosoftWindows Server 2016 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*

二、漏洞 CVE-2020-1525 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2020-1525 的情报信息

登录查看更多情报信息。

CVE-2020-1525 厂商安全公告 (1)

同批安全公告 · Microsoft · 2020-08-17 · 共 121 条

CVE-2020-146710.0 CRITICALMicrosoft Windows和Windows Server 安全漏洞
CVE-2020-15838.8 HIGHMicrosoft Word 信息泄露漏洞
CVE-2020-15048.8 HIGHMicrosoft Excel 缓冲区错误漏洞
CVE-2020-15528.0 HIGHMicrosoft Windows Work Folder Service 缓冲区错误漏洞
CVE-2020-15207.8 HIGHMicrosoft Windows Font Driver 缓冲区错误漏洞
CVE-2020-15347.8 HIGHMicrosoft Windows Backup Service 安全漏洞
CVE-2020-15337.8 HIGHMicrosoft Windows WalletService 缓冲区错误漏洞
CVE-2020-15317.8 HIGHMicrosoft Windows Accounts Control 缓冲区错误漏洞
CVE-2020-15307.8 HIGHMicrosoft Windows Remote Access 缓冲区错误漏洞
CVE-2020-15297.8 HIGHMicrosoft Windows Graphics Device Interface 缓冲区错误漏洞
CVE-2020-15287.8 HIGHMicrosoft Windows Radio Manager API 缓冲区错误漏洞
CVE-2020-15277.8 HIGHMicrosoft Windows Custom Protocol Engine 缓冲区错误漏洞
CVE-2020-15267.8 HIGHMicrosoft Windows Network Connection Broker 安全漏洞
CVE-2020-15247.8 HIGHMicrosoft Windows Speech Shell 安全漏洞
CVE-2020-15227.8 HIGHMicrosoft Windows Network Connection Broker 安全漏洞
CVE-2020-15127.8 HIGHMicrosoft Windows State Repository Service 信息泄露漏洞
CVE-2020-15157.8 HIGHMicrosoft Windows Telephony Server 安全漏洞
CVE-2020-15137.8 HIGHMicrosoft Windows CSC Service 安全漏洞
CVE-2020-15167.8 HIGHMicrosoft Windows Work Folders Service 安全漏洞
CVE-2020-15117.8 HIGHMicrosoft Connected User Experiences and Telemetry Service 安全漏洞

显示前 20 条,共 121 条。 查看全部 → →

IV. Related Vulnerabilities

V. Comments for CVE-2020-1525

暂无评论


发表评论