Zero-Day Advisory
Fortinet Discovers Web Media Extension Flac Decoder Memory Corruption Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an out-of-bounds memory write vulnerability in Microsoft Web Media Extensions.
Web Media Extensions is a new application for Microsoft's Windows 10 operating system that adds support for OGG, Vorbis, and Theora.
The out-of-bounds memory write vulnerability exists because a vulnerable component parses user-controlled data in a crafted OGG file without sanitizing it. An attacker who successfully exploits the vulnerability could obtain remote code execution on the user's system.
Solutions
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on January 18, 2021
Microsoft confirmed the vulnerability on April 06, 2021
Microsoft released a patch for the vulnerability on May 11, 2021