AttackerKB AKB:59EFDEC4-921E-411A-8743-CB603C4BC068
History: Apr 15, 2020 - 12:00 a.m.

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

2020-04-15 00:00:00
attackerkb.com

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka ‘Adobe Font Manager Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1020.

Recent assessments:

busterb at March 24, 2020 12:11pm UTC reported:

A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. This appears to have been found in the wild, but I’m lowering this from the original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.

Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>

From the MSRC advisory, this has limited impact on Windows 10.

> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

bac2binary at April 15, 2020 4:26pm UTC reported:

A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. This appears to have been found in the wild, but I’m lowering this from the original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.

Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>

From the MSRC advisory, this has limited impact on Windows 10.

> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

gwillcox-r7 at November 22, 2020 2:24am UTC reported:

A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. This appears to have been found in the wild, but I’m lowering this from the original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.

Tencent has an analysis of the vulnerabilities based on the PT diffs: <https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg>

From the MSRC advisory, this has limited impact on Windows 10.

> For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

Assessed Attacker Value: 2
Assessed Attacker Value: 2
Assessed Attacker Value: 4
