Multiple vulnerabilities in Microsoft Windows Speech Runtime

1) Buffer overflow

EUVDB-ID: #VU45516

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1521

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Speech Runtime. A local user can use a specially crafted application, trigger memory corruption and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 1607 - 10 2004

Windows Server: 2016 - 2019 2004

CPE2.3

• cpe:2.3:o:microsoft:windows:10:2004:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1521

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Buffer overflow

EUVDB-ID: #VU45515

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-1522

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Speech Runtime. A local user can use a specially crafted application, trigger memory corruption and gain elevated privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: 10 1607 - 10 2004

Windows Server: 2016 - 2019 2004

CPE2.3

• cpe:2.3:o:microsoft:windows:10:2004:*:*:*:*:*:*

External links

http://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1522

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?