CVE-2020-1436
Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
Se presenta una vulnerabilidad de ejecución de código remota cuando Windows Font Library maneja inapropiadamente fuentes especialmente diseñadas. Para todos los sistemas, excepto Windows 10, un atacante que haya explotado con éxito la vulnerabilidad podría ejecutar código remotamente, también se conoce como "Windows Font Library Remote Code Execution Vulnerability"
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the parsing of fonts. Crafted data in a font can trigger a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-04 CVE Reserved
- 2020-07-14 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/08/25/3 | Mailing List | |
http://www.openwall.com/lists/oss-security/2020/08/25/5 | Mailing List | |
https://www.zerodayinitiative.com/advisories/ZDI-20-877 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436 | 2022-05-03 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1607 Search vendor "Microsoft" for product "Windows 10" and version "1607" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1709 Search vendor "Microsoft" for product "Windows 10" and version "1709" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1803 Search vendor "Microsoft" for product "Windows 10" and version "1803" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1809 Search vendor "Microsoft" for product "Windows 10" and version "1809" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1903 Search vendor "Microsoft" for product "Windows 10" and version "1903" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1909 Search vendor "Microsoft" for product "Windows 10" and version "1909" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 2004 Search vendor "Microsoft" for product "Windows 10" and version "2004" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1903 Search vendor "Microsoft" for product "Windows Server 2016" and version "1903" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1909 Search vendor "Microsoft" for product "Windows Server 2016" and version "1909" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 2004 Search vendor "Microsoft" for product "Windows Server 2016" and version "2004" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Affected
|