CVE-2020-0938
HIGH KEVMicrosoft Windows 10 1507 - Out-of-Bounds Write
Title source: ruleDescription
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
References (3)
Scores
CVSS v3
7.8
EPSS
0.8702
EPSS Percentile
99.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2020-04-14
InTheWild.io
2020-04-14
ENISA EUVD
EUVD-2020-2406
CWE
CWE-787
Status
published
Products (19)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1709
(3 CPE variants)
microsoft/windows_10_1803
(3 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_10_1903
(3 CPE variants)
microsoft/windows_10_1909
(3 CPE variants)
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 9 more
Published
Apr 15, 2020
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026