Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1149

CWE-787Out-of-bounds Write5 documents5 sources
Severity
8.8HIGH
EPSS
31.9%
top 3.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
30
Microsoft Microsoft Office 2019 FOR MACMicrosoft Windows 10 Version 1507Microsoft Windows 10 Version 1607+27 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages30 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-vw2q-fc9j-fxwx: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphic2022-05-24
CVEList
Microsoft Graphics Remote Code Execution Vulnerability2019-08-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables2019-08-15

📋Vendor Advisories

1
Microsoft
Microsoft Graphics Remote Code Execution Vulnerability2019-08-13
CVE-2019-1149 (HIGH CVSS 8.8) | A remote code execution vulnerabili | cvebase.io