Microsoft Windows Type 1 Font Parsing Remote Code Execution Vulnerability (ADV200006)

critical Nessus Plugin ID 134942

Synopsis

The remote Windows host is affected by a font parsing vulnerability.

Description

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Note that Microsoft does not recommend that IT administrators running Windows 10 implement the workarounds described in ADV200006. Please see the vendor advisory for more information.

Solution

Microsoft has provided additional details and guidance in the ADV200006 advisory.

See Also

http://www.nessus.org/u?f05dd830

https://www.kb.cert.org/vuls/id/354840/

Plugin Details

Severity: Critical

ID: 134942

File Name: smb_microsoft_windows_adv200006.nasl

Version: 1.2

Type: local

Agent: windows

Family: Windows

Published: 3/26/2020

Updated: 4/17/2020

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Rce

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, SMB/WindowsVersionBuild