CVE-2020-1436

high

Description

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.

References

Advisories
More

https://www.zerodayinitiative.com/advisories/ZDI-20-877/

http://www.openwall.com/lists/oss-security/2020/08/25/5

http://www.openwall.com/lists/oss-security/2020/08/25/3

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436

Details

Source: Mitre, NVD

Published: 2020-07-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.09233