cbcvebase.
CVE-2019-1439
published 2019-11-12

CVE-2019-1439: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information…

PriorityP346medium6.5CVSS 3.1
AVNACLPRNUIRSUCHINAN
EPSS
75.86%
99.5th percentile
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

Affected

63 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_version_1903_for_32-bit_systems
microsoftwindows_10_version_1903_for_arm64-based_systems

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector includes convincing a user to open a specially crafted document — monitor for suspicious document opens (Office, PDF, etc.) that trigger GDI component activity.
  • The disclosed information is uninitialized memory via the Windows GDI component — look for anomalous reads from GDI objects in memory (e.g., via ETW/kernel telemetry on GDI handle operations).
  • ·Exploit status is publicly disclosed: No and exploited: No as of advisory publication — exploitation likelihood rated 'Less Likely' for both latest and older software releases.
  • ·The vulnerability is in the Windows GDI component's handling of objects in memory — detection should focus on the Microsoft Graphics Component subsystem.

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc4.7MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.