{"api_version":"1","generated_at":"2026-07-09T03:55:49+00:00","cve":"CVE-2020-1574","urls":{"html":"https://cve.report/CVE-2020-1574","api":"https://cve.report/api/cve/CVE-2020-1574.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1574","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1574"},"summary":{"title":"Microsoft Windows Codecs Library Remote Code Execution Vulnerability","description":"A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.","state":"PUBLISHED","assigner":"microsoft","published_at":"2020-08-17 19:15:21","updated_at":"2026-05-29 21:16:39"},"problem_types":["NVD-CWE-noinfo","CWE-119","Remote Code Execution","CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Secondary","score":"7.3","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"secure@microsoft.com","type":"Secondary","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C","data":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C","version":"3.1"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.9","severity":"","vector":"AV:L/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1574","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1574","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Microsoft","product":"Windows 10 Version 2004","version":"affected N/A","platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"]},{"source":"CNA","vendor":"Microsoft","product":"Windows 10 Version 1909","version":"affected N/A","platforms":["32-bit Systems","x64-based Systems","ARM64-based Systems"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1574","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"1909","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1574","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows_10","cpe6":"2004","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2020","cve_id":"1574","cve":"CVE-2020-1574","epss":"0.011890000","percentile":"0.791440000","score_date":"2026-06-03","updated_at":"2026-06-04 00:06:36"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-04T06:39:10.502Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2020-1574","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-05-29T20:49:47.565243Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-119","description":"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-29T20:49:50.758Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":[],"platforms":["32-bit Systems","ARM64-based Systems","x64-based Systems"],"product":"Windows 10 Version 2004","vendor":"Microsoft","versions":[{"status":"affected","version":"N/A"}]},{"cpes":[],"platforms":["32-bit Systems","x64-based Systems","ARM64-based Systems"],"product":"Windows 10 Version 1909","vendor":"Microsoft","versions":[{"status":"affected","version":"N/A"}]}],"datePublic":"2020-08-11T07:00:00.000Z","descriptions":[{"lang":"en-US","value":"A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory."}],"metrics":[{"cvssV3_1":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en-US","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Remote Code Execution","lang":"en-US","type":"Impact"}]}],"providerMetadata":{"dateUpdated":"2024-05-29T16:33:18.224Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"tags":["x_refsource_MISC"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1574"}],"title":"Microsoft Windows Codecs Library Remote Code Execution Vulnerability"}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2020-1574","datePublished":"2020-08-17T19:13:48.000Z","dateReserved":"2019-11-04T00:00:00.000Z","dateUpdated":"2026-05-29T20:49:50.758Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2020-08-17 19:15:21","lastModifiedDate":"2026-05-29 21:16:39","problem_types":["NVD-CWE-noinfo","CWE-119","Remote Code Execution","CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"],"metrics":{"cvssMetricV31":[{"source":"secure@microsoft.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.3,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:C/I:C/A:C","baseScore":6.9,"accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":3.4,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*","matchCriteriaId":"E9273B95-20ED-4547-B0A8-95AD15B30372"},{"vulnerable":true,"criteria":"cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*","matchCriteriaId":"AAE74AF3-C559-4645-A6C0-25C3D647AAC8"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1574","Ordinal":"1","Title":"Microsoft Windows Codecs Library Remote Code Execution Vulnerabi","CVE":"CVE-2020-1574","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1574","Ordinal":"1","NoteData":"A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.\nExploitation of the vulnerability requires that a program process a specially crafted image file.\nThe update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.","Type":"Description","Title":"Microsoft Windows Codecs Library Remote Code Execution Vulnerabi"},{"CveYear":"2020","CveId":"1574","Ordinal":"2","NoteData":"2020-08-17","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1574","Ordinal":"3","NoteData":"2020-08-17","Type":"Other","Title":"Modified"}]}}}