CVE-2020-1020

HIGH KEV

Microsoft Windows - RCE

Title source: llm

Description

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.

Exploits (4)

nomisec WORKING POC 11 stars

by KaLendsi · client-side

https://github.com/KaLendsi/CVE-2020-1020

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by CrackerCat · local

https://github.com/CrackerCat/CVE-2020-1020-Exploit

View Code ZIP pw:eip

inthewild

poc

https://github.com/lagal1990/cve-2020-1020-exploit

View on inthewild

inthewild

poc

https://github.com/expdev893/cve-2020-1020-exploit

View on inthewild

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020

Scores

CVSS v3 8.8

EPSS 0.8568

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-04-14

InTheWild.io 2020-04-14

ENISA EUVD EUVD-2020-11916

CWE

CWE-787

Status published

Products (18)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1607

microsoft/windows_10_1709

microsoft/windows_10_1803 (3 CPE variants)

microsoft/windows_10_1809 (3 CPE variants)

microsoft/windows_10_1903 (3 CPE variants)

microsoft/windows_10_1909 (3 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 8 more

Published Apr 15, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026