Attacker Value
Low
(3 users assessed)
Exploitability
High
(3 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
1

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka ‘Adobe Font Manager Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1020.

Add Assessment

6
Ratings
Technical Analysis

A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. Since this appears to have been found in the wild, but I’m lowering this from original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.

Tencent has an analysis of the vulnerabilities based on the PT diffs: https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg

From the MSRC advisory, this has limited impact on Windows 10.

For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

3
Ratings
Technical Analysis

Less impact on systems running windows 10 1703 and later, as all fonts are processed in user-mode app-container sandbox and successful exploitation gives limited privileges and capabilities within the sandbox.

Patch: Released by Microsoft.

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Vendors

  • microsoft

Products

  • windows 10 -,
  • windows 10 1607,
  • windows 10 1709,
  • windows 10 1803,
  • windows 10 1809,
  • windows 10 1903,
  • windows 10 1909,
  • windows 7 -,
  • windows 8.1 -,
  • windows rt 8.1 -,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2012 r2,
  • windows server 2016 -,
  • windows server 2016 1803,
  • windows server 2016 1903,
  • windows server 2016 1909,
  • windows server 2019 -

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis