CVE-2019-0903
CVE-2019-0903
In short
A flaw in Windows GDI (graphics system) allows attackers to run malicious code on your computer by crafting a specially designed image or document. This is dangerous because it can happen just by opening a file or visiting a webpage.
Technical detail
Remote code execution vulnerability in Windows GDI object memory handling allows unauthenticated attackers to execute arbitrary code via malicious graphics content. Attack vector is network-based (image/document files); pre-condition requires user interaction to open crafted file. Impact includes complete system compromise with attacker privileges.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Windows 10 Version 1903 for x64-based SystemsMicrosoft · Windows ServerMicrosoft · Windows Server, version 1903 (Server Core installation)Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →