Vulnerability Name: | CVE-2019-1011 (CCN-161940) |
Assigned: | 2018-11-26 |
Published: | 2019-06-11 |
Updated: | 2019-06-13 |
Summary: | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0968, CVE-2019-0977, CVE-2019-1009, CVE-2019-1010, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050.
|
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None | 4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) 4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): None Availibility (A): None |
|
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None | Impact Metrics: | Confidentiality (C): Partial Integrity (I): None Availibility (A): None | 3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N)Exploitability Metrics: | Access Vector (AV): Local Access Complexity (AC): High Athentication (Au): Single_Instance
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): None Availibility (A): None |
|
Vulnerability Type: | CWE-200
|
Vulnerability Consequences: | Obtain Information |
References: | Source: MITRE Type: CNA CVE-2019-1011
Source: XF Type: UNKNOWN ms-windows-cve20191011-info-disc(161940)
Source: CCN Type: Microsoft Security TechCenter - June 2019 Windows GDI Information Disclosure Vulnerability
Source: MISC Type: Patch, Vendor Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1011
Source: CCN Type: ZDI-19-549 Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Source: CCN Type: ZDI-19-553 Microsoft Windows gdiplus Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
|
Vulnerable Configuration: | Configuration 1: cpe:/o:microsoft:windows_7:-:sp1:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Configuration CCN 1: cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:*OR cpe:/o:microsoft:windows_7:-:sp1:-:*:-:-:x32:*OR cpe:/o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* Denotes that component is vulnerable |
BACK |
microsoft windows 7 - sp1
microsoft windows server 2008 - sp2
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 r2 sp1
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 * sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2