Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-1244Sensitive Information Exposure in Windows Server 2019

CWE-200Sensitive Information Exposure9 documents5 sources
Severity
6.5MEDIUMNVD
NVD5.5
EPSS
19.6%
top 4.58%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
25
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+22 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages23 packages

CVEListV5microsoft/windows11 versions+10

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-qv24-5wr9-m3mp: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosu2022-05-24
GHSA
GHSA-9cxx-2gq5-4v8r: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosu2022-05-24
GHSA
GHSA-hvm5-44j4-v5j4: An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosu2022-05-24

💥Exploits & PoCs

1
Exploit-DB
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts2019-09-12

📋Vendor Advisories

1
Microsoft
DirectWrite Information Disclosure Vulnerability2019-09-10

💬Community

1
Bugzilla
CVE-2019-14862 knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.2019-10-21
CVE-2019-1244 — Sensitive Information Exposure | cvebase