Two significant-severity flaws in Visual Studio Code and the Microsoft Windows Codecs Library could enable remote code execution. Microsoft has issued out-of-band patches for these two “important” severity vulnerabilities, which could allow remote code execution if exploited.
One flaw (CVE-2020-17023) exists in Visual Studio Code, a free source-code editor made by Microsoft for Linux, Windows, and macOS. The other (CVE-2020-17022) is in the Microsoft Windows Codecs Library; the codecs module offers stream and file interfaces for transcoding data in various Windows programs.
According to Microsoft, one “important” severity flaw stems from how the Microsoft Windows Codecs Library handles objects in memory. This vulnerability has a CVSS score of 7.8 out of 10.