Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

MNDT-2022-0014

Description

A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute code on the user's system.

Impact

High - remote code execution

Exploitability

High - image rendering

CVE Reference

CVE-2022-24453

Technical Details

A heap overflow vulnerability is present when a crafted HEIC image file is rendered by Windows Imaging Component.

Resolution

This issue was fixed as part of March 2022 security update.

Discovery Credits

Dhanesh Kizhakkinan, Mandiant

Disclosure Timeline

  • 19 October 2021 - Issue reported to vendor
  • 20 October 2021 - Issue confirmed
  • 08 March 2022 - Issue fixed and security advisory released

References