Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1151Out-of-bounds Write in Microsoft Windows 10 Version 1507

CWE-787Out-of-bounds Write6 documents6 sources
Severity
8.8HIGHNVD
EPSS
28.4%
top 3.47%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
24
Microsoft Office 2019 FOR MACMicrosoft Windows 10 Version 1507Microsoft Windows 10 Version 1607+21 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages24 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-9j6q-fhff-rr4p: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphic2022-05-24
CVEList
Microsoft Graphics Remote Code Execution Vulnerability2019-08-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList2019-08-15

📋Vendor Advisories

1
Microsoft
Microsoft Graphics Remote Code Execution Vulnerability2019-08-13

💬Community

1
Bugzilla
CVE-2019-9849 libreoffice: Remote resources protection module not applied to bullet graphics2019-08-05
CVE-2019-1151 — Out-of-bounds Write in Microsoft | cvebase