virus logo Intrusion Prevention

MS.Windows.MF.H265.Stream.Parsing.Memory.Corruption

description-logoDescription

This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Microsoft Windows.
The vulnerability is due to improper validation of H265 media files. A remote attacker could exploit the vulnerability by enticing a victim user to open a maliciously crafted media file or open the folder containing the file. Successful exploitation could possibly allow the attacker to execute arbitrary code under the security context of the currently logged on user.

affected-products-logoAffected Products

Microsoft Windows 10
Microsoft Windows Server 2016
Microsoft Windows Server 2019

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16915

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-01-27 17.006 Default_action:pass:drop
2020-10-13 16.942

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16915
ID 49539
Created Oct 13, 2020
Updated Jan 26, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2020-16915
Exploit Prediction Score 0.21%
Default Action drop
Active
Affected OS Windows
Affected App Other