MNDT-2022-0016
Description
A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute code on the user's system.
Impact
High - remote code execution
Exploitability
High - image rendering
CVE Reference
CVE-2022-24457
Technical Details
A heap overflow vulnerability is present when a crafted HEIC image file is rendered by Windows Imaging Component.
Resolution
This issue was fixed as part of the March 2022 security update.
Discovery Credits
Dhanesh Kizhakkinan, Mandiant
Disclosure Timeline
- 19 October 2021 - Issue reported to vendor
- 20 October 2021 - Issue confirmed
- 08 March 2022 - Issue fixed and security advisory released