CVE-2020-1020 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2020-1020

Analyzed

More Info Official Page

Source-secure@microsoft.com

View Known Exploited Vulnerability (KEV) details

Published At-15 Apr, 2020 | 15:15

Updated At-29 Oct, 2025 | 13:56

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2021-11-03	2022-05-03	Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability	Apply updates per vendor instructions.

Date Added: 2021-11-03

Due Date: 2022-05-03

Vulnerability Name: Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 6.8

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Microsoft Corporation

>>windows_10_1507>>-

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1507>>-

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*

Microsoft Corporation

>>windows_10_1607>>-

cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1709>>-

cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*

Microsoft Corporation

>>windows_10_1803>>-

cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*

Microsoft Corporation

>>windows_10_1803>>-

cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1803>>-

cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*

Microsoft Corporation

>>windows_10_1809>>-

cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*

Microsoft Corporation

>>windows_10_1809>>-

cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1809>>-

cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*

Microsoft Corporation

>>windows_10_1903>>-

cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:*

Microsoft Corporation

>>windows_10_1903>>-

cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1903>>-

cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:*

Microsoft Corporation

>>windows_10_1909>>-

cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:*

Microsoft Corporation

>>windows_10_1909>>-

cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:*

Microsoft Corporation

>>windows_10_1909>>-

cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x86:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>-

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>-

cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_1903>>-

cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_1909>>-

cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

Microsoft Corporation

>>windows_server_2012>>-

cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2019>>-

cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-787	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-787

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020	secure@microsoft.com	Patch Vendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1020

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-1020

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource:

US Government Resource