FEYE-2020-0006

Description

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Impact

Medium - information disclosure

Exploitability

Medium - An attacker needs to convince a user to visit an untrusted webpage

CVE Reference

CVE-2020-1397

Technical Details

Uninitialized memory is used in pixel data calculation when a crafted TIFF image file is rendered by Windows Imaging Component.

Resolution

This issue was fixed as part of the July 2020 security update.

Discovery Credits

Dhanesh Kizhakkinan

Disclosure Timeline

  • 03 March 2020 - Issue reported to vendor
  • 04 March 2020 - Issue confirmed
  • 14 July 2020 - Issue fixed and security advisory released

References

Microsoft Advisory