CVE-2019-0903
Published 2019-05-16
Priority P183 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-04-15
Exploited in the wild (ITW)
EPSS: 21.71% (97.3th percentile)
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Affected
58 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
Detection & IOCs (extracted from sources)
- Exploit delivery via web-based attack: attacker hosts a specially crafted website to exploit the GDI memory handling vulnerability
- Exploit delivery via file-sharing attack: attacker provides a specially crafted document file to exploit the vulnerability
- CVE-2019-0903 is listed in the CISA KEV catalog, indicating confirmed in-the-wild exploitation; prioritize detection and patching of the Windows GDI component
- Microsoft assesses exploitation as 'More Likely' for both latest and older software releases; treat unpatched systems as high-priority targets
- Vulnerability resides in the Windows Graphics Device Interface (GDI) memory object handling; no specific file format or protocol is named in the sources, limiting precise IOC generation
CVSS provenance
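| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |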
GHSA
GHSA-cmq3-fp3c-p3qr [HIGH]
ghsa_unreviewed · 2022-05-24
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
VulnCheck
Microsoft GDI Remote Code Execution Vulnerability
vulncheck · 2019 · CVSS 8.8 [HIGH]
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Affected: Microsoft Graphics Device Interface (GDI)
Required Action: Apply updates per vendor instructions.
Exploitation References: https://blog.sonicwall.com/en-us/2019/12/top-cves-exploited-in-the-wild-in-the-year-2019/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-04-15
CISA
Microsoft GDI Remote Code Execution Vulnerability
cisa · 2022-03-25 · CVSS 8.8 [HIGH]
Vulnerability: Microsoft GDI Remote Code Execution Vulnerability
Affected: Microsoft Graphics Device Interface (GDI)
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0903
Remediation Due Date: 2022-04-15
Microsoft
GDI+ Remote Code Execution Vulnerability
vendor_msrc · 2019-05-14 · CVSS 8.8 [HIGH]
Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are multiple ways an attacker could exploit the vulnerability:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the w
No detection rules found.
No public exploits indexed.
2019-05-16 · Published
2022-03-25 · Added to CISA KEV
Exploited in the wild