A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Published 2020-04-15 15:15:17
Updated 2021-07-21 11:39:24
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2020-0938

CVE-2020-0938 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-0938
Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-0938

95.64%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-0938

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
NIST

CWE ids for CVE-2020-0938

  • The product writes data past the end, or before the beginning, of the intended buffer.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-0938

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!