PT-2020-3670 · Microsoft · Windows+1

Zhiniang Peng · Published 2020-08-11 · Updated 2024-01-19 · CVE-2020-1474

CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Windows (affected versions not specified)

Description

The issue is related to a buffer overflow in memory, allowing an attacker to disclose protected information using a specially crafted application. An authenticated attacker could exploit this by connecting an imaging device to the system and running the malicious application, potentially obtaining information to further compromise the system.

Recommendations

To resolve the issue, apply the security update that corrects how the Windows Image Acquisition (WIA) Service handles objects in memory. As a temporary workaround, consider restricting access to the WIA Service to minimize the risk of exploitation. Avoid using the WIA Service with untrusted imaging devices until the issue is resolved.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2020-04018
CVE-2020-1474

Affected Products

Windows
Windows Image Acquisition (WIA) Service