CVE-2020-1020

Published: Apr 15, 2020Modified: Oct 29, 2025CISA KEV

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.

Affected (28)

Products: Microsoft: Windows 10 1507, Windows 10 1607, Windows 10 1709, Windows 10 1803, Windows 10 1809, Windows 10 1903, Windows 10 1909, Windows 7, Windows 8.1, Windows Rt 8.1, Windows Server 1903, Windows Server 1909, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019

16 products

Configuration A

28 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1507	All versions
Microsoft Windows 10 1607	All versions
Microsoft Windows 10 1709	All versions
Microsoft Windows 10 1803	All versions
Microsoft Windows 10 1803	All versions
Microsoft Windows 10 1803	All versions
Microsoft Windows 10 1809	All versions
Microsoft Windows 10 1809	All versions
Microsoft Windows 10 1809	All versions
Microsoft Windows 10 1903	All versions
Microsoft Windows 10 1903	All versions
Microsoft Windows 10 1903	All versions
Microsoft Windows 10 1909	All versions
Microsoft Windows 10 1909	All versions
Microsoft Windows 10 1909	All versions
Microsoft Windows 7	All versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 1903	All versions
Microsoft Windows Server 1909	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2012	All versions
Microsoft Windows Server 2012	Version r2
Microsoft Windows Server 2016	All versions
Microsoft Windows Server 2019	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (3)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.