Description
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-980/
Scores
CVSS v3
5.5
EPSS
0.0064
EPSS Percentile
70.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-125
Status
published
Products (7)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
r2 sp1 (2 CPE variants)
microsoft/windows_server_2012
microsoft/windows_server_2012
r2
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026