Raw Image Extension Remote Code Execution Vulnerability
CVE-2023-28292

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Raw Image Extension
Vendor: CVE Published:; 11 April 2023

Summary

A serious vulnerability exists in the Raw Image Extension, which may allow remote attackers to execute arbitrary code on the affected systems. This can be achieved through specially crafted image files, potentially compromising the integrity and confidentiality of the user's data. It is recommended to ensure that all systems are updated to mitigate this security risk.

Affected Version(s)

Raw Image Extension Windows 10 Version 20H2 for 32-bit Systems 2.1.0.0 < 2.1.60611.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 13, 2023