Vulnerability-Lookup

CERTFR-2021-AVI-182

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, un contournement de la fonctionnalité de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Visual Studio Code - Java Extension Pack
Microsoft	Azure	Azure Spring Cloud
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 64 bits)
Microsoft	Azure	Azure Kubernetes Service
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 32 bits)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft	N/A	Microsoft Quantum Development Kit pour Visual Studio Code
Microsoft	N/A	Microsoft Visual Studio Code ESLint extension
Microsoft	N/A	Microsoft Business Productivity Servers 2010 Service Pack 2
Microsoft	N/A	HEVC Video Extensions
Microsoft	Azure	Azure Service Fabric
Microsoft	N/A	Power BI Report Server version 15.0.1103.234
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft	N/A	Microsoft Visio 2016 (édition 64 bits)
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour systèmes 32 bits
Microsoft	N/A	Microsoft 365 Apps pour Enterprise pour 64 bits Systems
Microsoft	N/A	Microsoft Visio 2016 (édition 32 bits)
Microsoft	N/A	Power BI Report Server version 15.0.1104.300
Microsoft	N/A	Visual Studio Code Remote - Containers Extension
Microsoft	N/A	Microsoft Visio 2010 Service Pack 2 (éditions 32 bits)
Microsoft	Azure	Azure Sphere
Microsoft	N/A	Microsoft Visio 2013 Service Pack 1 (éditions 64 bits)
Microsoft	Azure	Azure Container Instance
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7)

References

Title

Publication Time

CVE-2021-21300 (GCVE-0-2021-21300)

Vulnerability from cvelistv5 – Published: 2021-03-09 00:00 – Updated: 2024-08-03 18:09

Title

malicious repositories can execute remote code while cloning

Summary

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6.

Severity

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

GitHub_M

References

14 references

URL	Tags
https://github.com/git/git/security/advisories/GH…
https://lore.kernel.org/git/xmqqim6019yd.fsf%40gi…
https://git-scm.com/docs/git-config#Documentation…
https://git-scm.com/docs/gitattributes#_filter
https://github.com/git/git/commit/684dd4c2b414bcf…
http://www.openwall.com/lists/oss-security/2021/03/09/3	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://support.apple.com/kb/HT212320
http://seclists.org/fulldisclosure/2021/Apr/60	mailing-list
https://security.gentoo.org/glsa/202104-01	vendor-advisory
http://packetstormsecurity.com/files/163978/Git-L…
https://lists.debian.org/debian-lts-announce/2022…	mailing-list

Impacted products

1 product

Vendor	Product	Version
git	git	Affected: >= 2.14.2, < 2.17.62.17.6 Affected: >= 2.18.0, < 2.18.5 Affected: >= 2.19.0, < 2.19.6 Affected: >= 2.20.0, < 2.20.5 Affected: >= 2.21.0, < 2.21.4 Affected: >= 2.22.0, < 2.22.5 Affected: >= 2.23.0, < 2.23.4 Affected: >= 2.24.0, < 2.24.4 Affected: >= 2.25.0, < 2.25.5 Affected: >= 2.26.0, < 2.26.3 Affected: >= 2.27.0, < 2.27.1 Affected: >= 2.28.0, < 2.28.1 Affected: >= 2.29.0, < 2.29.3 Affected: >= 2.30.0, < 2.30.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:15.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lore.kernel.org/git/xmqqim6019yd.fsf%40gitster.c.googlers.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git-scm.com/docs/gitattributes#_filter"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592"
          },
          {
            "name": "[oss-security] 20210309 git: malicious repositories can execute remote code while cloning",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/09/3"
          },
          {
            "name": "FEDORA-2021-63fcbd126e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/"
          },
          {
            "name": "FEDORA-2021-ffd0b2108d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/"
          },
          {
            "name": "FEDORA-2021-03e61a6647",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212320"
          },
          {
            "name": "20210427 APPLE-SA-2021-04-26-10 Xcode 12.5",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/60"
          },
          {
            "name": "GLSA-202104-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202104-01"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html"
          },
          {
            "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "git",
          "vendor": "git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.14.2, \u003c 2.17.62.17.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.18.0, \u003c 2.18.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.19.0, \u003c 2.19.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.20.0, \u003c 2.20.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.21.0, \u003c 2.21.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.22.0, \u003c 2.22.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.23.0, \u003c 2.23.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.24.0, \u003c 2.24.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.25.0, \u003c 2.25.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.26.0, \u003c 2.26.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.27.0, \u003c 2.27.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.28.0, \u003c 2.28.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.29.0, \u003c 2.29.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.30.0, \u003c 2.30.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaound, if symbolic link support is disabled in Git (e.g. via `git config --global core.symlinks false`), the described attack won\u0027t work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. _before_ cloning), the attack is foiled. As always, it is best to avoid cloning repositories from untrusted sources. The earliest impacted version is 2.14.2. The fix versions are: 2.30.1, 2.29.3, 2.28.1, 2.27.1, 2.26.3, 2.25.5, 2.24.4, 2.23.4, 2.22.5, 2.21.4, 2.20.5, 2.19.6, 2.18.5, 2.17.62.17.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm"
        },
        {
          "url": "https://lore.kernel.org/git/xmqqim6019yd.fsf%40gitster.c.googlers.com/"
        },
        {
          "url": "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks"
        },
        {
          "url": "https://git-scm.com/docs/gitattributes#_filter"
        },
        {
          "url": "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592"
        },
        {
          "name": "[oss-security] 20210309 git: malicious repositories can execute remote code while cloning",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/09/3"
        },
        {
          "name": "FEDORA-2021-63fcbd126e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/"
        },
        {
          "name": "FEDORA-2021-ffd0b2108d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/"
        },
        {
          "name": "FEDORA-2021-03e61a6647",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/"
        },
        {
          "url": "https://support.apple.com/kb/HT212320"
        },
        {
          "name": "20210427 APPLE-SA-2021-04-26-10 Xcode 12.5",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/60"
        },
        {
          "name": "GLSA-202104-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202104-01"
        },
        {
          "url": "http://packetstormsecurity.com/files/163978/Git-LFS-Clone-Command-Execution.html"
        },
        {
          "name": "[debian-lts-announce] 20221010 [SECURITY] [DLA 3145-1] git security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html"
        }
      ],
      "source": {
        "advisory": "GHSA-8prw-h3cq-mghm",
        "discovery": "UNKNOWN"
      },
      "title": "malicious repositories can execute remote code while cloning"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21300",
    "datePublished": "2021-03-09T00:00:00.000Z",
    "dateReserved": "2020-12-22T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:09:15.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24089 (GCVE-0-2021-24089)

Vulnerability from cvelistv5 – Published: 2021-03-11 14:59 – Updated: 2024-08-03 19:21

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:08:53.060Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24089"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-24089",
    "datePublished": "2021-03-11T14:59:59.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24108 (GCVE-0-2021-24108)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:05 – Updated: 2024-08-03 19:21

Title

Microsoft Office Remote Code Execution Vulnerability

Summary

Microsoft Office Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

5 products

Vendor	Product	Version
Microsoft	Microsoft Office 2019	Affected: 19.0.0 , < https://aka.ms/OfficeSecurityReleases (custom) cpe:2.3:a:microsoft:office:2019:::::::*
Microsoft	Microsoft 365 Apps for Enterprise	Affected: 16.0.1 , < https://aka.ms/OfficeSecurityReleases (custom) cpe:2.3:a:microsoft:365_apps:-::::enterprise:::
Microsoft	Microsoft Office 2016	Affected: 16.0.0 , < publication (custom) cpe:2.3:a:microsoft:office:2016::::::x86: cpe:2.3:a:microsoft:office:2016::::::x64:
Microsoft	Microsoft Office 2010 Service Pack 2	Affected: 13.0.0.0 , < publication (custom) cpe:2.3:a:microsoft:excel:2010:sp2::::::
Microsoft	Microsoft Office 2013 Service Pack 1	Affected: 15.0.0 , < publication (custom) cpe:2.3:a:microsoft:office:2013:sp1:::rt:::* cpe:2.3:a:microsoft:office:2013:sp1:::::x86:* cpe:2.3:a:microsoft:office:2013:sp1:::::x64:*

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft 365 Apps for Enterprise",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "https://aka.ms/OfficeSecurityReleases",
              "status": "affected",
              "version": "16.0.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:excel:2010:sp2:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2010 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "13.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:rt:*:*:*",
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x86:*",
            "cpe:2.3:a:microsoft:office:2013:sp1:*:*:*:*:x64:*"
          ],
          "platforms": [
            "ARM64-based Systems",
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Microsoft Office 2013 Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Office Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:08:46.878Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24108"
        }
      ],
      "title": "Microsoft Office Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-24108",
    "datePublished": "2021-03-11T15:05:41.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-24110 (GCVE-0-2021-24110)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:06 – Updated: 2024-08-03 19:21

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:08:55.141Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24110"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-24110",
    "datePublished": "2021-03-11T15:06:18.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26859 (GCVE-0-2021-26859)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:35 – Updated: 2024-08-03 20:33

Title

Microsoft Power BI Information Disclosure Vulnerability

Summary

Microsoft Power BI Information Disclosure Vulnerability

Severity

7.7 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C

CWE

Information Disclosure

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

2 products

Vendor	Product	Version
Microsoft	Power BI Report Server version 15.0.1103.234	Affected: 15.0.0.0 , < publication (custom) cpe:2.3:a:microsoft:power_bi_report_server:15.0.1103.234:::::::*
Microsoft	Power BI Report Server version 15.0.1104.300	Affected: 15.0.0.0 , < publication (custom) cpe:2.3:a:microsoft:power_bi_report_server:15.0.1104.300:::::::*

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:power_bi_report_server:15.0.1103.234:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Power BI Report Server version 15.0.1103.234",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:power_bi_report_server:15.0.1104.300:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Power BI Report Server version 15.0.1104.300",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft Power BI Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:08:58.257Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26859"
        }
      ],
      "title": "Microsoft Power BI Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-26859",
    "datePublished": "2021-03-11T15:35:31.000Z",
    "dateReserved": "2021-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:33:41.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26902 (GCVE-0-2021-26902)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:44 – Updated: 2024-08-03 20:33

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:41.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:19.909Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26902"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-26902",
    "datePublished": "2021-03-11T15:44:16.000Z",
    "dateReserved": "2021-02-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:33:41.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27047 (GCVE-0-2021-27047)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:44 – Updated: 2024-08-03 20:40

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:20.434Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27047"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-27047",
    "datePublished": "2021-03-11T15:44:25.000Z",
    "dateReserved": "2021-02-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:40:47.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27048 (GCVE-0-2021-27048)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:44 – Updated: 2024-08-03 20:40

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.047Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:20.970Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27048"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-27048",
    "datePublished": "2021-03-11T15:44:44.000Z",
    "dateReserved": "2021-02-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:40:47.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27049 (GCVE-0-2021-27049)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:45 – Updated: 2024-08-03 20:40

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:21.481Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27049"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-27049",
    "datePublished": "2021-03-11T15:45:06.000Z",
    "dateReserved": "2021-02-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:40:47.055Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27050 (GCVE-0-2021-27050)

Vulnerability from cvelistv5 – Published: 2021-03-11 15:45 – Updated: 2024-10-01 15:55

Title

HEVC Video Extensions Remote Code Execution Vulnerability

Summary

HEVC Video Extensions Remote Code Execution Vulnerability

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
Microsoft	HEVC Video Extensions	Affected: N/A

Date Public

2021-03-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:40:47.148Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27050",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T15:38:14.515258Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-01T15:55:14.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [],
          "platforms": [
            "Unknown"
          ],
          "product": "HEVC Video Extensions",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        }
      ],
      "datePublic": "2021-03-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "HEVC Video Extensions Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T20:09:21.976Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27050"
        }
      ],
      "title": "HEVC Video Extensions Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-27050",
    "datePublished": "2021-03-11T15:45:13.000Z",
    "dateReserved": "2021-02-10T00:00:00.000Z",
    "dateUpdated": "2024-10-01T15:55:14.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2021-AVI-182

Solution

CVE-2021-21300 (GCVE-0-2021-21300)

CVE-2021-24089 (GCVE-0-2021-24089)

CVE-2021-24108 (GCVE-0-2021-24108)

CVE-2021-24110 (GCVE-0-2021-24110)

CVE-2021-26859 (GCVE-0-2021-26859)

CVE-2021-26902 (GCVE-0-2021-26902)

CVE-2021-27047 (GCVE-0-2021-27047)

CVE-2021-27048 (GCVE-0-2021-27048)

CVE-2021-27049 (GCVE-0-2021-27049)

CVE-2021-27050 (GCVE-0-2021-27050)

Tags

Sightings

Nomenclature