Question

Security issues related to vulnerabilities CVE-2020-1192 and CVE-2020-1171 are reported for the msvcp140_codecvt_ids.dll file included in the FineReader Engine 12 distribution. Is FineReader Engine 12 affected by these vulnerabilities?

Answer

The Visual Studio Code Python Extension Remote Code Execution Vulnerabilities CVE-2020-1192 and CVE-2020-1171 are actual for the Visual Studio Code Python extension versions up to (excluding) 2020.5.0:

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1171
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1192

The vulnerabilities are related to FineReader Engine 12 only indirectly, through a third-party DLL file. Furthermore, in order for an attacker to exploit the vulnerabilities, the target would need to have Visual Studio Code with the Python extension installed.

Since Visual Studio Code and the Python extension are not included in or required for FineReader Engine 12 installation, FineReader Engine 12 is not affected by these vulnerabilities.