Out-of-bounds read in Windows and Windows Server - CVE-2018-0754
Published: January 3, 2018 / Updated: January 4, 2018
Vulnerability identifier: #VU9847
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0754
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an out-of-bounds read error in Windows Adobe Type Manager Font Driver (ATMFD.dll). A local user can run a specially crafted application to trigger memory corruption and gain access to information that could be used to try to further compromise the affected system.
The vulnerability exists due to an out-of-bounds read error in Windows Adobe Type Manager Font Driver (ATMFD.dll). A local user can run a specially crafted application to trigger memory corruption and gain access to information that could be used to try to further compromise the affected system.
How to mitigate CVE-2018-0754
Install updates from vendor's website.