Lucene search

PRIOn knowledge basePRION:CVE-2018-0855

HistoryFeb 15, 2018 - 2:29 a.m.

Information disclosure

2018-02-1502:29:00

PRIOn knowledge base

www.prio-n.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka “Windows EOT Font Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761.

CPENameOperatorVersion
windows_7eq- sp1
windows_server_2008eqr2 sp1

CPE	Name	Operator	Version
	windows_7	eq	- sp1
	windows_server_2008	eq	r2 sp1

References

www.securityfocus.com/bid/102936

www.securitytracker.com/id/1040374

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

4.5 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for PRION:CVE-2018-0855