Vulnerability Description
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The update addresses the vulnerability by correcting the way in which the Windows Graphics Component handles objects in memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2019 |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 7 | - |
| Microsoft | Windows 8.1 | - |
| Microsoft | Windows Rt 8.1 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Server 2012 | - |
| Microsoft | Windows Server 2016 | - |
| Microsoft | Windows Server 2019 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/154084/Microsoft-Font-Subsetting-DLL-GetGlyThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148PatchVendor Advisory
- http://packetstormsecurity.com/files/154084/Microsoft-Font-Subsetting-DLL-GetGlyThird Party AdvisoryVDB Entry
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1148PatchVendor Advisory
FAQ
What is CVE-2019-1148?
CVE-2019-1148 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain...
How severe is CVE-2019-1148?
CVE-2019-1148 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1148?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Windows 10, Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows Rt 8.1.