CVE-2019-1124
published 2019-07-15CVE-2019-1124: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This…
PriorityP266high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
18.42%
96.9th percentile
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | windows_10_version_1709_for_arm64-based_systems | — | — |
| msrc | windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | windows_10_version_1803_for_32-bit_systems | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect OpenType/CFF fonts with empty or null-prefixed ROS (Registry/Ordering/Supplement) strings — specifically Registry or Ordering strings beginning with a null byte (e.g. '\0dobe', '\0dentity') — which trigger the AFDKO cfwSindexAssignSID OOB read/write via SRI_UNDEF (0xffff) index. ↗
- →Monitor Microsoft Edge renderer process crashes in DWrite!cfwSindexAssignSID with rcx=0xffff (index=65535), indicating exploitation attempt of the OOB read/write via crafted OpenType font during printing (to PDF, XPS, or physical printer). ↗
- →The vulnerability is reachable via the Direct2D printing interface in Microsoft Edge — monitor for Edge renderer processes invoking d2d1!dxc::TextConvertor::InstanceFontResources or dwrite!DWriteFactory::CreateInstancedStream when processing web pages with embedded OpenType variable fonts during print operations. ↗
- ·The AFDKO code is reached through CreateInstancedStream, which is not a public COM interface — the confirmed trigger path is via Direct2D printing (d2d1!dxc::TextConvertor::InstanceFontResources); other trigger paths may exist but were not confirmed at time of disclosure. ↗
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
DirectWrite Remote Code Execution Vulnerability
vendor_msrc·2019-07-09·CVSS 7.8
CVE-2019-1124 [HIGH] DirectWrite Remote Code Execution Vulnerability
DirectWrite Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how DirectWrite handles objects in memory.
Microsoft Graphics Component: Microsoft Graphics Component
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit St
GHSA
GHSA-229f-hv2p-3mxc: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1128 [HIGH] GHSA-229f-hv2p-3mxc: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.
GHSA
GHSA-q2ww-4p89-22gg: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1121 [HIGH] GHSA-q2ww-4p89-22gg: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-j839-xpjx-4gm7: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1120 [HIGH] GHSA-j839-xpjx-4gm7: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-34cj-gvj6-2422: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1124 [HIGH] GHSA-34cj-gvj6-2422: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-mv4v-p439-fv5j: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1123 [HIGH] GHSA-mv4v-p439-fv5j: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-4rm2-m5fr-hpg9: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1119 [HIGH] GHSA-4rm2-m5fr-hpg9: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-5559-9px3-6x8w: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1127 [HIGH] GHSA-5559-9px3-6x8w: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
GHSA
GHSA-gj6q-6rxx-9w68: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1118 [HIGH] GHSA-gj6q-6rxx-9w68: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-6f96-cv22-mggm: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1117 [HIGH] GHSA-6f96-cv22-mggm: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
GHSA
GHSA-jpfm-wf34-x9vx: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2019-1122 [HIGH] GHSA-jpfm-wf34-x9vx: A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerabili
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
No detection rules found.
No writeups or analysis indexed.
2019-07-15
Published