Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0754: OpenType Font Driver Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2018-0754: OpenType Font Driver Information Disclosure Vulnerability

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

01/03/2018

Created

07/25/2018

Added

01/04/2018

Modified

11/18/2021

Description

An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. To exploit this vulnerability, an attacker would have to log on to an affected system and open a document containing specially crafted fonts. The update addresses the vulnerability by correcting how ATMFD.dll handles objects in memory.

Solution(s)

msft-kb4056888-664639c3-95e4-4deb-8b34-0d599c0a582b
msft-kb4056888-c0708f93-30a8-47ad-9892-f807c6f83014
msft-kb4056890-92aedd4d-0cea-4906-8353-0a8dea97f44c
msft-kb4056890-b90c6608-1562-42b3-a665-18a5bfce7a22
msft-kb4056890-e149510e-1e4a-4263-8eea-d09548b516a6
msft-kb4056891-64a4a722-8ee1-4315-8977-b970916497a7
msft-kb4056891-74b9cfdd-c2b4-4094-a7ac-49dafeacb837
msft-kb4056892-3ad66183-2a80-4552-892b-c80c34461704
msft-kb4056892-f5928a6a-8aba-4be4-8a38-07688e23afc5
msft-kb4056893-006fa0ad-ba96-48b9-9d76-ba3746a04127
msft-kb4056893-421eb4c2-e9fc-4207-b853-e9737bfe0c6b
msft-kb4056897-545c091b-94a6-46dc-93e2-11633b7d6de4
msft-kb4056897-7fa63c17-1ec4-44d9-816a-db4df3fc87bb
msft-kb4056897-8440894a-9832-495d-935e-a3b1f29a0e41
msft-kb4056897-d4619aa3-c2f9-45b9-a44a-8baf5653fb68
msft-kb4056897-d861dc88-89ae-4d1c-93e6-659b1fa6c50b
msft-kb4056897-f2fc4bd2-7c95-4f86-ad44-6bffc592693a
msft-kb4056898-0d3e73e9-7aee-45b1-bddd-ce6148027c5c
msft-kb4056898-29159163-0da5-456d-92a5-9bd853a401ae
msft-kb4056898-e49bf5fe-3b30-4481-a05f-7430b7781056
msft-kb4056899-022a0fde-5645-4e2f-bcd8-76afad8c885f
msft-kb4056899-36017692-111d-4d1a-89b1-c84d62e29bdb
msft-kb4056899-b32ad9e9-eb8a-43dc-b203-c281a3dbe29a
msft-kb4056941-07bbb7a4-51a7-4cd1-976c-7496af67861a
msft-kb4056941-25758738-2a2c-4d25-9d53-94419268a88e
msft-kb4056941-42d16f86-5bf4-496e-aced-e3a086a7f089
msft-kb4056941-f9524657-ed12-43a4-ac5e-c689063c0173

References

https://attackerkb.com/topics/cve-2018-0754
CVE - 2018-0754
4056888
4056890
4056891
4056892
4056893
4056894
4056895
4056896
4056897
4056898
4056899
4056941
4056951

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2018-0754: OpenType Font Driver Information Disclosure Vulnerability

Microsoft CVE-2018-0754: OpenType Font Driver Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.