CVE-2019-1049

Опубликовано: 12 июн. 2019

Источник: nvd

CVSS3: 6.5

CVSS3: 4.7

CVSS2: 4.3

EPSS Низкий

Описание

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

EPSS

Процентиль: 91%

0.07622

Низкий

6.5 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2019-1049

CVSS3: 4.7

msrc

около 6 лет назад

Windows GDI Information Disclosure Vulnerability

GHSA-q346-h972-2wgh

CVSS3: 6.5

github

около 3 лет назад

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1050.

BDU:2019-02212

CVSS3: 6.5

fstec

около 6 лет назад

Уязвимость компонента Windows GDI операционных систем Windows, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 91%

0.07622

Низкий

6.5 Medium

CVSS3

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200