Microsoft Media Foundation Information Disclosure Vulnerability [CVE-2020-0939]

CVE number – CVE-2020-0939

An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476.

A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

The Microsoft Media Foundation is a COM-based multimedia framework available in Microsoft Windows since Windows Vista. It provides all sorts of functionality related to audio/video operations.

This vulnerability is present in the Media Foundation MPEG4 DLL, which is part of the Microsoft Media Foundation framework. A specially crafted QuickTime file can lead to an information disclosure vulnerability.

Tested Versions

Microsoft Corporation Microsoft Media Foundation 10.0.18362.476
Microsoft Corporation Windows Media Player 12.0.18362.449

Product URLs

https://docs.microsoft.com/pl-pl/windows/win32/medfound/microsoft-media-foundation-sdk

Jason Davies

UK based technology professional, with an interest in computer security and telecoms.
