← voltar
CVE-2019-1148

Microsoft Graphics Component Information Disclosure Vulnerability

CVSS 5.5 MEDIUMEPSS 2.8%CWE-125
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Produtos afetados
Microsoft · Microsoft Office 2019 for MacMicrosoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1703Microsoft · Windows 10 Version 1709Microsoft · Windows 10 Version 1709 for 32-bit SystemsMicrosoft · Windows 10 Version 1803Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows 7Microsoft · Windows 7 Service Pack 1Microsoft · Windows 8.1Microsoft · Windows Server 2008 R2 Service Pack 1Microsoft · Windows Server 2008 R2 Service Pack 1 (Server Core installation)Microsoft · Windows Server 2008 R2 Systems Service Pack 1Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2Microsoft · Windows Server 2008 Service Pack 2 (Server Core installation)Microsoft · Windows Server 2012Microsoft · Windows Server 2012 R2Microsoft · Windows Server 2012 R2 (Server Core installation)Microsoft · Windows Server 2012 (Server Core installation)Microsoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server, version 1803 (Server Core Installation)Microsoft · Windows Server, version 1903 (Server Core installation)
PoCs públicas encontradas2
cve_referencepacketstormsecurity.com/files/154084/Microsoft-Font-Subsetting-DLL-GetGlyphId-Out-Of-Bounds-Read.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/47262não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/154084/Microsoft-Font-Subsetting-DLL-GetGlyphId-Out-Of-Bounds-Read.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148