Archive: (Down)
From the post:
>In May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the vulnerability by creating a malicious JPEG image and inserting it into any file that leverages windowscodecs.dll. If a user opens that file, their system can be compromised by an attacker who can go on to perform RCE and take over the victim’s system.
Archive: (Down)
From the post:
>>In May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The vulnerability lies within windowscodecs.dll, and any application that uses this library as a dependency is vulnerable to compromise, such as a Microsoft Office document. For example, attackers can exploit the vulnerability by creating a malicious JPEG image and inserting it into any file that leverages windowscodecs.dll. If a user opens that file, their system can be compromised by an attacker who can go on to perform RCE and take over the victim’s system.
Login or register