[Forgot Password]
Login  Register Subscribe

26408

 
 

132812

 
 

151852

 
 

909

 
 

121381

 
 

163

Paid content will be excluded from the download.


Download | Alert*
OVAL

Type 1 Font Parsing Remote Code Execution Vulnerability - ADV200006

ID: oval:org.secpod.oval:def:62160Date: (C)2020-04-16   (M)2020-10-14
Class: PATCHFamily: windows




Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released. Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Platform:
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows 10
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Reference:
ADV200006
CVE-2020-1020
CVE    1
CVE-2020-1020
CPE    45
cpe:/o:microsoft:windows_server_2008:-:sp2
cpe:/o:microsoft:windows_server_2016:-
cpe:/o:microsoft:windows_server_2019:::x64
cpe:/o:microsoft:windows_7::sp1:x86
...

© SecPod Technologies