CVE-2019-0853
published 2019-04-09
CVE-2019-0853: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code…
Priority P2 · 60 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 27.57% (97.8th percentile)
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Affected
63 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
Detection & IOCs
- Exploit delivery via specially crafted document file: monitor for suspicious document opens that trigger GDI+ processing (e.g., EMF/WMF/image-embedded Office docs)
- Exploit delivery via web: monitor for browser-initiated GDI+ object processing from untrusted sites, particularly image rendering triggered by user navigation
- Successful exploitation results in full system control: monitor for unexpected child processes, new account creation, or privilege escalation following GDI+ image parsing
- Exploit status at time of advisory: not publicly disclosed and not exploited in the wild. Prioritize patching, but no active threat campaign IOCs are available from these sources
- Vulnerability is in the Windows GDI memory object handling: the attack surface includes any component that renders GDI+ content (browsers, Office, image viewers, email clients)
CVSS provenance
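| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 7.8 | HIGH | — |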
Microsoft
GDI+ Remote Code Execution Vulnerability
vendor_msrc·2019-04-09·CVSS 7.8
CVE-2019-0853 [HIGH] GDI+ Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the w
GHSA
GHSA-jffp-x5h3-26cq: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo
ghsa_unreviewed·2022-05-13
CVE-2019-0853 [HIGH] CWE-824 GHSA-jffp-x5h3-26cq: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remo
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
No detection rules found.
No public exploits indexed.
Trendmicro
December Patch Tuesday: Fixes for components, RDP
blogs_trendmicro·2019-12-11·CVSS 6.1
[MEDIUM] December Patch Tuesday: Fixes for components, RDP
Exploits & Vulnerabilities
# December Patch Tuesday: Fixes for components, RDP
Seven of the 36 fixes for this month's Patch Tuesday were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products: Windows, IE, Office, Hyper-V Server, and SQL Server, among others.
By: Trend Micro, 2019/12/11
Microsoft released a total of 36 patches for December’s Patch Tuesday. Decembers tend to have a relatively low number of patches, and the last Patch Tuesday of the 2010s was no different. Seven of the 36 patches were identified as Critical, 28 Important, and one Moderate. The vulnerabilities covered a wide variety of Microsoft products, including Windows, Internet Explorer, Office, Hyper-V Server, and SQ
Trendmicro
Patch Tuesday: Fixes for Two Exploited Vulnerabilities
blogs_trendmicro·2019-04-10·CVSS 7.5
[HIGH] Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Exploits & Vulnerabilities
## Patch Tuesday: Fixes for Two Exploited Vulnerabilities
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.
By: Trend Micro Research, Apr 10, 2019
Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important. The patches this month cover a significant number of Microsoft products and services, namely: Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office
Bugzilla
CVE-2019-5064 opencv: Heap buffer overflow in persistence_json.cpp while parsing crafted JSON file
bugzilla·2020-01-11·CVSS 8.8
CVE-2019-5064 [HIGH] CVE-2019-5064 opencv: Heap buffer overflow in persistence_json.cpp while parsing crafted JSON file
An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, version 4.1.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.
References:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853
Discussion:
Created opencv tracking bugs for this issue:
Affects: fedora-all [bug 1790060]
---
External References:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0853
---
Mitigation:
Avoid loading OpenCV data structures from external untrusted JSON fi
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0853
- https://www.zerodayinitiative.com/advisories/ZDI-19-362/
- https://www.zerodayinitiative.com/advisories/ZDI-19-363/
Published: 2019-04-09