Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1153Out-of-bounds Read in Microsoft Office 2019 FOR MAC

CWE-125Out-of-bounds Read5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
2.8%
top 13.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
24
Microsoft Office 2019 FOR MACMicrosoft Windows 10 Version 1507Microsoft Windows 10 Version 1607+21 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages24 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-xhpj-r5xj-f4j3: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Grap2022-05-24
CVEList
Microsoft Graphics Component Information Disclosure Vulnerability2019-08-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat12019-08-15

📋Vendor Advisories

1
Microsoft
Microsoft Graphics Component Information Disclosure Vulnerability2019-08-13
CVE-2019-1153 — Out-of-bounds Read in Microsoft | cvebase