CVE-2019-0968

EPSS 29.58%
Published 12.06.2019 14:29:01
Last modified 20.05.2025 18:15:31
Source secure@microsoft.com
Teams watchlist Login
Open Login

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Affected products Warnungen 0 Metrics 4 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Version- Updatesp1

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	29.58%	0.964

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0968

Patch

Vendor Advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0968

https://nvd.nist.gov/vuln/detail/CVE-2019-0968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-0968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-0968

EUVD