A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.
References
Link | Resource |
---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1436 | Patch Vendor Advisory |
https://www.zerodayinitiative.com/advisories/ZDI-20-877/ | Third Party Advisory VDB Entry |
http://www.openwall.com/lists/oss-security/2020/08/25/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/08/25/5 | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-07-14 16:15
Updated : 2022-05-03 06:00
NVD link : CVE-2020-1436
Mitre link : CVE-2020-1436
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
microsoft
- windows_7
- windows_server_2016
- windows_rt_8.1
- windows_server_2019
- windows_8.1
- windows_10
- windows_server_2008
- windows_server_2012