Microsoft Windows up to Server 2019 Media Foundation information disclosure

Summaryinfo

A vulnerability classified as problematic was found in Microsoft Windows. This affects an unknown function of the component Media Foundation. Such manipulation leads to information disclosure. This vulnerability is referenced as CVE-2020-1487. It is possible to launch the attack remotely. No exploit is available. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability was found in Microsoft Windows (Operating System) and classified as problematic. Affected by this issue is an unknown function of the component Media Foundation. The manipulation with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. CVE summarizes:

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log onto an affected system and open a specially crafted file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The update addresses the vulnerability by correcting how Media Foundation handles objects in memory.

The weakness was published 08/11/2020 as confirmed security update guide (Website). The advisory is available at portal.msrc.microsoft.com. The public release has been coordinated with the vendor. This vulnerability is handled as CVE-2020-1487. The attack may be launched remotely. No form of authentication is required for exploitation. Successful exploitation requires user interaction by the victim. The technical details are unknown and an exploit is not available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 02/23/2026). This vulnerability is assigned to T1592 by the MITRE ATT&CK project. The advisory points out:

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Applying a patch is able to eliminate this problem. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Similar entries are available at VDB-159534, VDB-159532, VDB-159531 and VDB-159529. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Type

• Operating System

Vendor

• Microsoft

Name

• Windows

Version

• 8.1
• 10
• 10 1607
• 10 1709
• 10 1803
• 10 1809
• 10 1903
• 10 1909
• 10 2004
• RT 8.1
• Server 1903
• Server 1909
• Server 2004
• Server 2012 R2
• Server 2016
• Server 2019

License

• commercial

Website

• Vendor: https://www.microsoft.com/
• Product: https://www.microsoft.com/en-us/windows

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion