⚠

Imported from CISA KEV catalog — never analyzed by ThreatLevel. This CVE is part of the CISA Known Exploited Vulnerabilities catalog. Only data from CISA KEV and NVD is shown below; no AI analysis or priority classification has been computed.

Unclassified

CVE-2020-1020

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Summary

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

Classification

This CVE has no priority classification because it was imported directly from the CISA KEV catalog without running the AI analysis pipeline. CISA KEV listing implies active exploitation in the wild; treat with the urgency that implies.

Exploitation Details

Type

—

Is exploitable with default configuration?

Is authentication needed?

PoC / Exploit

Impact

—

Detection Resources

Manual Detection

Script Detection

Scanner Detection

Affected Software

Vendor:Microsoft

Product	Affected Versions
Windows	Unknown

Deployment:—

Protocol:—

Ports:—

Enterprise Usage

Very Low

Low

Medium

High

Very High

Vendor Size:—

Vendor Notifications

Not available

Remediation

Workaround

Not available

Patch

Not available

Update

Not available

Threat Intelligence

EPSS Score85.7%

Probability of exploitation in the next 30 days

EPSS Percentile99%

Worse than 99% of all CVEs

Last updated: Loading...

CISA KEV

Listed

Active Exploitation

Active

cisa.gov

Threat Actors

No known threat actors

Detection Rules

No detection rules available

NVD Data

Published: Loading...Modified: Loading...

Description Summary

No description available

CVSS Base Score

8.8

High

CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Attack Vector (AV)

Physical

Local

Adjacent

Network

Attack Complexity (AC)

High

Low

Privileges Required (PR)

High

Low

None

User Interaction (UI)

Required

None

Scope (S)

Unchanged

Changed

Confidentiality (C)

None

Low

High

Integrity (I)

None

Low

High

Availability (A)

None

Low

High

CWE:CWE-787 Out-of-bounds Write

NVD:CVE-2020-1020

Version From:—

Version Upto:—

Affected Software (CPE) (28)

•cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*
•cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*
•cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*
•cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*
•cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*
•cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*
•cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:*
•cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:*
•cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:*
•cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x86:*
•cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*
•cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
•cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
•cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Sources

No sources

Priority History

No priority changes recorded