CVE number – CVE-2020-0939
An exploitable code execution vulnerability exists in the CQTMetadataKeysAtom GetKeyForIndex functionality of Microsoft Corporation Microsoft Media Foundation 10.0.18362.476.
A specially crafted malformed file can cause code execution resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
The Microsoft Media Foundation is a COM based multimedia framework available in Microsoft Windows since Windows Vista. It provides all sort of functionality related with audio/video operations.
This vulnerability is present in the Media Foundation MPEG4 dll which is part of the Microsoft Media Foundation framework.A specially crafted QuickTime can lead to aninformation disclosure vulnerability.
Microsoft Corporation Microsoft Media Foundation 10.0.18362.476
Microsoft Corporation Windows Media Player 12.0.18362.449