cbcvebase.
CVE-2019-0903
published 2019-05-16

CVE-2019-0903: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code…

PriorityP183high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-04-15
Exploited in the wild
EPSS
21.71%
97.3th percentile
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

Affected

58 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10_version_1903_for_32-bit_systems
microsoftwindows_10_version_1903_for_arm64-based_systems
microsoftwindows_10_version_1903_for_x64-based_systems
microsoftwindows_server
microsoftwindows_server

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit delivery via web-based attack: attacker hosts a specially crafted website to exploit the GDI memory handling vulnerability
  • Exploit delivery via file-sharing attack: attacker provides a specially crafted document file to exploit the vulnerability
  • CVE-2019-0903 is listed in CISA KEV catalog, indicating confirmed in-the-wild exploitation; prioritize detection and patching of Windows GDI component
  • Microsoft assesses exploitation as 'More Likely' for both latest and older software releases; treat unpatched systems as high-priority targets
  • ·Vulnerability resides in the Windows Graphics Device Interface (GDI) memory object handling; no specific file format or protocol is named in the sources, limiting precise IOC generation

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.8HIGH
cisa8.8HIGH
vendor_msrc8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.