PT-2020-4324 · Microsoft · Windows Media Foundation+2

Hossein Lotfi · Published 2020-09-18 · Updated 2023-12-31 · CVE-2020-16915

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Windows Media Foundation (affected versions not specified)
Windows Media Player (affected versions not specified)
Description: The issue is related to errors in handling objects in memory within the Windows Media Foundation component, which can lead to memory corruption. An attacker who exploits it could modify data; install programs; view, change, or delete data; or create new accounts with full user rights. An attacker could exploit the vulnerability by convincing a user to open a specially crafted document or visit a malicious webpage. The vulnerability is also associated with a buffer overflow in the HEVC component of Windows Media Player, allowing remote attackers to execute arbitrary code using a specially crafted file or malicious webpage.
Recommendations: For Windows Media Foundation, apply the security update that corrects how Windows Media Foundation handles objects in memory. For Windows Media Player, avoid using the HEVC stream parsing function until a patch is available. As a temporary workaround, consider restricting access to specially crafted documents and malicious webpages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Out of bounds Read

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2020-04821
BDU:2020-05455
CVE-2020-16915
ZDI-20-1257

Affected Products

Windows
Windows Media Foundation
Windows Media Player