HTTP: Microsoft Windows Codecs Library Information Disclosure
An information disclosure vulnerability exists in Windows Codecs Library. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted image file. Successful exploitation could result in the disclosure of information which could be used to further compromise the target system.
Extended Description
An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
Affected Products
Microsoft windows_server_2019
References
CVE: CVE-2018-8506
Short Name
HTTP:STC:IMG:JPEG:CODEC-LIB-ID
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2018-8506 Codecs Disclosure Information Library Microsoft Windows
Release Date
01/22/2019
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3590
False Positive
Rarely
Vendors
Microsoft
CVSS Score
1.9