CVE-2020-0997

Name of the Vulnerable Software and Affected Versions: Windows Camera Codec Pack (affected versions not specified)

Description: A remote code execution issue exists due to improper handling of objects in memory by the Windows Camera Codec Pack. This could allow an attacker to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change, or delete data, or create new accounts with full user rights. Exploitation requires a user to open a specially crafted file. Attack scenarios include email attacks where an attacker sends the crafted file and convinces the user to open it, or web-based attacks where an attacker hosts a website with the crafted file. The attacker must convince users to visit the website and open the file.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.