Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-1143— Windows Graphics Component Information Disclosure Vulnerability

CVSS 5.5 · Medium EPSS 1.04% · P78
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-1143

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Windows Graphics Component Information Disclosure Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage. The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows和Windows Server Graphics Device Interface 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows和Microsoft Windows Server都是美国微软(Microsoft)公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Windows Graphics Device Interface(GDI)是其中的一个图形设备接口。 Microsoft Windows GDI中的EMF图形的解析存在信息泄露漏洞。攻击者可借助带有特制数据的EMF图形利用该漏洞获取敏感信息。以
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
MicrosoftWindows 10 Version 1703 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1803 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
MicrosoftWindows Server, version 1803 (Server Core Installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_1803:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1809 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2019 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
MicrosoftWindows Server 2019 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1709 for 32-bit Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1709 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for 32-bit Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for x64-based Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1903 for ARM64-based Systems 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
MicrosoftWindows Server, version 1903 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
MicrosoftWindows 10 Version 1507 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
MicrosoftWindows 10 Version 1607 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2016 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
MicrosoftWindows Server 2016 (Server Core installation) 10.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
MicrosoftWindows 7 6.1.0 ~ publication cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x86:*
MicrosoftWindows 7 Service Pack 1 6.1.0 ~ publication cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:x64:*
MicrosoftWindows 8.1 6.3.0 ~ publication cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2008 Service Pack 2 6.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation) 6.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 Service Pack 2 6.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_sp2:*:*:*:*:*:*:x86:*
MicrosoftWindows Server 2008 R2 Systems Service Pack 1 6.1.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:itanium:*
MicrosoftWindows Server 2008 R2 Service Pack 1 6.1.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation) 6.0.0 ~ publication cpe:2.3:o:microsoft:windows_server_2008_R2:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 6.2.0 ~ publication cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 (Server Core installation) 6.2.0 ~ publication cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 R2 6.3.0 ~ publication cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*
MicrosoftWindows Server 2012 R2 (Server Core installation) 6.3.0 ~ publication cpe:2.3:o:microsoft:windows_server_2012_R2:*:*:*:*:*:*:x64:*

II. Public POCs for CVE-2019-1143

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-1143

登录查看更多情报信息。

Same Patch Batch · Microsoft · 2019-08-14 · 88 CVEs total

CVE-2019-12269.8 CRITICALRemote Desktop Services Remote Code Execution Vulnerability
CVE-2019-12229.8 CRITICALRemote Desktop Services Remote Code Execution Vulnerability
CVE-2019-07369.8 CRITICALWindows DHCP Client Remote Code Execution Vulnerability
CVE-2019-11829.8 CRITICALRemote Desktop Services Remote Code Execution Vulnerability
CVE-2019-11819.8 CRITICALRemote Desktop Services Remote Code Execution Vulnerability
CVE-2019-12139.8 CRITICALWindows DHCP Server Remote Code Execution Vulnerability
CVE-2019-12129.8 CRITICALWindows DHCP Server Denial of Service Vulnerability
CVE-2019-11528.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11518.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11498.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11508.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11458.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11448.8 HIGHMicrosoft Graphics Remote Code Execution Vulnerability
CVE-2019-11408.8 HIGHChakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-07208.0 HIGHHyper-V Remote Code Execution Vulnerability
CVE-2019-11707.9 HIGHWindows NTFS Elevation of Privilege Vulnerability
CVE-2019-11557.8 HIGHJet Database Engine Remote Code Execution Vulnerability
CVE-2019-11907.8 HIGHWindows Image Elevation of Privilege Vulnerability
CVE-2019-11567.8 HIGHJet Database Engine Remote Code Execution Vulnerability
CVE-2019-11627.8 HIGHWindows ALPC Elevation of Privilege Vulnerability

Showing top 20 of 88 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Windows 10 Version 1703
Same vendor: Microsoft

V. Comments for CVE-2019-1143

No comments yet

Leave a comment