Zero-Day Advisory
Fortinet Discovers Microsoft Windows Codec Library Memory Double Free Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered memory double-free on Microsoft Windows Codecs Library.
Microsoft Windows Codecs Library is a codec library that ship with encoding and decoding capabilities for image and media files that supported by Windows.
A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.
Solutions
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on February 04, 2020
Microsoft confirmed the vulnerability on February 13, 2020
Microsoft released patch for the vulnerability on April 15, 2020
References
Acknowledgement
This vulnerability was discovered by Wayne Low of Fortinet's FortiGuard Labs.