Microsoft Media Foundation Information Disclosure Vulnerability [CVE-2020-0939]

April 22, 2020 Jason Davies 2987 Views 0 Comments CVE-2020-0939, Information Disclosure Vulnerability, Microsoft 0 min read

CVE number – CVE-2020-0939

An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476.

A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

The Microsoft Media Foundation is a COM based multimedia framework available in Microsoft Windows since Windows Vista. It provides all sort of functionality related with audio/video operations.

This vulnerability is present in the Media Foundation MPEG4 dll which is part of the Microsoft Media Foundation framework.A specially crafted QuickTime can lead to aninformation disclosure vulnerability.

Tested Versions

Microsoft Corporation Microsoft Media Foundation 10.0.18362.476
Microsoft Corporation Windows Media Player 12.0.18362.449

Product URLs

https://docs.microsoft.com/pl-pl/windows/win32/medfound/microsoft-media-foundation-sdk

Jason Davies

I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.

Microsoft Media Foundation Information Disclosure Vulnerability [CVE-2020-0939]

Tested Versions

Product URLs

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply

Tested Versions

Product URLs

Share this:

Like this:

Related Posts

Jason Davies

Leave a ReplyCancel reply