AttackerKBAKB:59EFDEC4-921E-411A-8743-CB603C4BC068ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows
0.953 High
EPSS
Percentile
99.4%
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka ‘Adobe Font Manager Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1020.
Recent assessments:
busterb at March 24, 2020 12:11pm UTC reported:
A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. Since this appears to have been found in the wild, but I’m lowering this from original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.
Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>
From the MSRC advisory, this has limited impact on Windows 10.
> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.
bac2binary at April 15, 2020 4:26pm UTC reported:
A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. Since this appears to have been found in the wild, but I’m lowering this from original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.
Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>
From the MSRC advisory, this has limited impact on Windows 10.
> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.
gwillcox-r7 at November 22, 2020 2:24am UTC reported:
A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. Since this appears to have been found in the wild, but I’m lowering this from original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.
Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>
From the MSRC advisory, this has limited impact on Windows 10.
> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.
Assessed Attacker Value: 2
Assessed Attacker Value: 2Assessed Attacker Value: 4
Related
