CVE-2019-0968

Published: Jun 12, 2019Modified: May 20, 2025

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD (Secondary)

Description

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

Affected (4)

Products: Microsoft: Windows 7, Windows Server 2008

Microsoft

2 products

Windows 7

Windows Server 2008

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 7	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2008	Version r2 sp1

References (2)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0968

Source: secure@microsoft.com

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0968

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.