CISA KEV 정보
| 취약점명 | Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability |
|---|---|
| 설명 | Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-787 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2020-1020 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P설명: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
CWE: CWE-787 | CWE-787
참조
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020 [Patch, Vendor Advisory]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020 [Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.