Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiHossein Lotfi of Trend Micro Zero Day InitiativeZDI-19-333
HistoryApr 04, 2019 - 12:00 a.m.

Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

2019-04-0400:00:00
Hossein Lotfi of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
11

EPSS

0.13

Percentile

95.6%

JSON

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of emf files in the gdiplus library. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Related

symantec 1
mscve 1
zdi 1
cve 2
prion 2
nvd 2
cvelist 2
mskb 15
nessus 10
kaspersky 2
openvas 8
talosblog 1
symantec
symantec
Microsoft Windows GDI Component CVE-2019-0774 Information Disclosure Vulnerability
2019-03-12 00:00:00
mscve
mscve
Windows GDI Information Disclosure Vulnerability
2019-03-12 07:00:00
zdi
zdi
Microsoft Windows SetEnhMetaFileBits Out-Of-Bounds Read Information Disclosure Vulnerability
2019-03-12 00:00:00
cve
cve
CVE-2019-0614
2019-04-08 23:29:00
CVE-2019-0774
2019-04-09 03:29:00
prion
prion
Information disclosure
2019-04-08 23:29:00
Information disclosure
2019-04-09 03:29:00
nvd
nvd
CVE-2019-0774
2019-04-09 03:29:00
CVE-2019-0614
2019-04-08 23:29:00
cvelist
cvelist
CVE-2019-0614
2019-04-08 22:36:45
CVE-2019-0774
2019-04-09 02:15:34
mskb
mskb
Description of the security update for the information disclosure vulnerabilities in Windows Embedded POSReady 2009: March 12, 2019
2019-03-12 00:00:00
March 12, 2019—KB4489876 (Security-only update)
2019-03-12 07:00:00
March 12, 2019—KB4489883 (Security-only update)
2019-03-12 07:00:00
nessus
nessus
KB4489876: Windows Server 2008 March 2019 Security Update
2019-03-12 00:00:00
KB4489886: Windows 10 Version 1709 and Windows Server Version 1709 March 2019 Security Update
2019-03-12 00:00:00
KB4489884: Windows Server 2012 March 2019 Security Update
2019-03-12 00:00:00
kaspersky
kaspersky
KLA11876 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-03-12 00:00:00
KLA11438 Multiple vulnerabilities in Microsoft Windows
2019-03-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4489878)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489881)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489872)
2019-03-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage
2019-03-12 11:00:00

EPSS

0.13

Percentile

95.6%

JSON
Related for ZDI-19-333
symantec1mscve1zdi1cve2prion2nvd2cvelist2mskb15nessus10kaspersky2openvas8talosblog1