CVE-2018-0855

Опубликовано: 15 фев. 2018

Источник: nvd

CVSS3: 4.3

CVSS2: 4.3

EPSS Низкий

Описание

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0755, CVE-2018-0760, and CVE-2018-0761.

Ссылки

http://www.securityfocus.com/bid/102936
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040374
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102936
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040374
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0855
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08835

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-0855

CVSS3: 4.3

msrc

больше 7 лет назад

Windows EOT Font Engine Information Disclosure Vulnerability

GHSA-55x2-q2h9-grgv

CVSS3: 4.3

github

около 3 лет назад

EPSS

Процентиль: 92%

0.08835

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200