CVE-2020-16918: Base3D Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2020-Oct

Released

2020-10-13

EPSS Score

12.49% (percentile: 93.9%)

Description

A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Base3D rendering engine handles memory.

FAQ

Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector.

Affected Products (3)

Other

• 11762
• 11763
• 11760

Security Updates (1)

• Release Notes

Acknowledgments

Keqi Hu

Revision History

• 2020-10-13: Information published.