The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".
http://www.securityfocus.com/bid/102364
http://www.securitytracker.com/id/1040092
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0788
Source: MITRE
Published: 2018-01-04
Updated: 2019-10-03
Type: NVD-CWE-noinfo
Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 3.4
Severity: MEDIUM
Base Score: 7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1
Severity: HIGH
OR
cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
105554 | KB4056899: Windows Server 2012 January 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
105553 | KB4056898: Windows 8.1 and Windows Server 2012 R2 January 2018 Security Update (Meltdown)(Spectre) | Nessus | Windows : Microsoft Bulletins | high |
105552 | KB4056897: Windows 7 and Windows Server 2008 R2 January 2018 Security Update (Meltdown)(Spectre) | Nessus | Windows : Microsoft Bulletins | high |