CVE-2020-1355: Improper Input Validation in Microsoft Windows 10 Version 1903 for 32-bit Systems

Severity
7.8 HIGH (NVD)
EPSS
0.5%
top 33.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 14
Latest update: May 24

Description

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory, aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Patches

🔴Vulnerability Details

2
GHSA
GHSA-vfjj-qc2j-f9fm: A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory (2022-05-24)
CVEList
CVE-2020-1355: A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory (2020-07-14)

📋Vendor Advisories

1
Microsoft
Windows Font Driver Host Remote Code Execution Vulnerability (2020-07-14)

🕵️Threat Intelligence

1
Trendmicro
Fixes for ‘Wormable’ Windows RCE in July Patch Tuesday (2020-07-14)