CVE-2019-1283 — Sensitive Information Exposure in Microsoft Windows

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

5.5MEDIUMNVD

OSV6.8OSV5.0

EPSS

0.6%

top 31.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows Microsoft Windows Server Microsoft Windows Server 2008 +4 more

Timeline

PublishedSep 11

Latest updateJan 13

Description

An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5microsoft/windows7 for 32-bit Systems Service Pack 1, 7 for x64-based Systems Service Pack 1+1

▶NVDmicrosoft/windowsr2

▶CVEListV5microsoft/windows_server2008 R2 for Itanium-Based Systems Service Pack 1, 2008 R2 for x64-based Systems Service Pack 1, 2008 R2 for x64-based Systems Service Pack 1 (Core installation)+2

▶msrcmsrc/windows_7_for_32-bit_systems_service_pack_1

▶msrcmsrc/windows_7_for_x64-based_systems_service_pack_1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2025-01-13

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-q8v2-8g7j-j273: An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Compone↗2022-05-24

▶

📋Vendor Advisories

Microsoft

Microsoft Graphics Components Information Disclosure Vulnerability↗2019-09-10

▶