Attacker Value
Low
(3 users assessed)
Exploitability
High
(3 users assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Local
1

ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows

Disclosure Date: April 15, 2020
Exploited in the Wild
Reported by gwillcox-r7
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka ‘Adobe Font Manager Library Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-1020.

Add Assessment

6
Ratings
Technical Analysis

A fairly standard policy of disabling preview windows is a good mitigation for this vulnerability. Since this appears to have been found in the wild, but I’m lowering this from original assessment, due to it being patched in the latest April 2020 PT, and there wasn’t a particular rush to fix it out of band.

Tencent has an analysis of the vulnerabilities based on the PT diffs: https://mp.weixin.qq.com/s/RvTZWvcXiXsI7xB6L9RWIg

From the MSRC advisory, this has limited impact on Windows 10.

For systems running supported versions of Windows 10 a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

2
Ratings
Technical Analysis

Less impact on systems running windows 10 1703 and later, as all fonts are processed in user-mode app-container sandbox and successful exploitation gives limited privileges and capabilities within the sandbox.

Patch: Released by Microsoft.

1
Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

General Information

Vendors

  • Microsoft

Products

  • Windows,
  • Windows Server,
  • Windows 10 Version 1909 for 32-bit Systems,
  • Windows 10 Version 1909 for x64-based Systems,
  • Windows 10 Version 1909 for ARM64-based Systems,
  • Windows Server, version 1909 (Server Core installation),
  • Windows 10 Version 1903 for 32-bit Systems,
  • Windows 10 Version 1903 for x64-based Systems,
  • Windows 10 Version 1903 for ARM64-based Systems,
  • Windows Server, version 1903 (Server Core installation)

Additional Info

Technical Analysis