CVE-2022-2191711.01.2022, 21:15HEVC Video Extensions Remote Code Execution VulnerabilityEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.8 HIGHLOCALLOWNONECVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HmicrosoftCNA7.8 HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 84%VendorProductVersionmicrosofthevc_video_extensions𝑥< 1.0.43421.0𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.Referenceshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21917https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0008/MNDT-2022-0008.mdhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21917