CVE-2019-0618
Published: 2019-03-05
Priority: P265 · high · CVSS 3.0: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 67.01% (99.2th percentile)
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.
Affected
63 ranges · showing 25
| Vendor | Product | Version range | Fixed in | Rows |
|---|---|---|---|---|
| microsoft | windows | — | — | 20 |
| microsoft | windows_10 | — | — | 5 |
Detection & IOCs (extracted from sources)
- Attack vector: web-based — attacker hosts a specially crafted website to exploit the Windows GDI memory-handling vulnerability; user must visit the page
- Attack vector: file-sharing — attacker delivers a specially crafted document file to exploit the Windows GDI memory-handling vulnerability; user must open the file
- Vulnerable component is Windows Graphics Device Interface (GDI) / GDI+; focus detection on anomalous GDI object handling in memory
- Successful exploitation grants full system control including program installation, data manipulation, and new account creation — monitor for post-exploitation activity such as new privileged account creation
- As of advisory publication, CVE-2019-0618 had NOT been publicly disclosed or exploited in the wild; exploitation assessed as 'Less Likely' for both latest and older software releases
- CVE-2019-0618 and CVE-2019-0662 are distinct vulnerabilities both affecting GDI+ RCE; do not conflate indicators or patches between the two
CVSS provenance
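| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 8.8 | HIGH | — |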
GHSA
GHSA-3c37-qxqv-r99x (CVE-2019-0618) [HIGH]
ghsa_unreviewed · 2022-05-13 · CVSS 8.8
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0662.
GHSA
GHSA-9j2f-jh9g-rgp8 (CVE-2019-0662) [HIGH]
ghsa_unreviewed · 2022-05-13 · CVSS 8.8
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.
Microsoft
GDI+ Remote Code Execution Vulnerability (CVE-2019-0618) [HIGH]
vendor_msrc · 2019-02-12 · CVSS 8.8
Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the w
No detection rules found.
No writeups or analysis indexed.