CVE-2020-1436

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
microsoftwindows_server_2019
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2020/08/25/3
http://www.openwall.com/lists/oss-security/2020/08/25/5
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
https://www.zerodayinitiative.com/advisories/ZDI-20-877/
http://www.openwall.com/lists/oss-security/2020/08/25/3
http://www.openwall.com/lists/oss-security/2020/08/25/5
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436
https://www.zerodayinitiative.com/advisories/ZDI-20-877/