CVE-2018-0755

Опубликовано: 15 фев. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0760, CVE-2018-0761, and CVE-2018-0855.

Ссылки

http://www.securityfocus.com/bid/102934
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040374
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0755
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102934
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040374
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0755
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.0306

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-0755

CVSS3: 5.5

msrc

больше 7 лет назад

Windows EOT Font Engine Information Disclosure Vulnerability

GHSA-fgmh-w5vm-f378

CVSS3: 5.5

github

около 3 лет назад

EPSS

Процентиль: 86%

0.0306

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200