CVE-2018-0755 — Sensitive Information Exposure in Corporation Windows Embedded Opentype Font Engine
Severity
5.5MEDIUMNVD
NVD4.3
EPSS
8.0%
top 7.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 15
Latest updateMay 14
Description
The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages6 packages
▶CVEListV5microsoft_corporation/windows_embedded_opentype_font_engineWindows 7 SP1 and Windows Server 2008 R2 SP1
Patches
🔴Vulnerability Details
4GHSA▶
GHSA-qcj5-p7hg-54x5: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows informati↗2022-05-14
GHSA▶
GHSA-fgmh-w5vm-f378: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to↗2022-05-14
GHSA▶
GHSA-gx52-2x58-gwqc: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to↗2022-05-14
GHSA▶
GHSA-55x2-q2h9-grgv: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to↗2022-05-13