CVE-2019-1009

CVE Database · CVE-2019-1009

CVE-2019-1009

· MEDIUMModified

CVSS v3.1

4.7

EPSS

48.49%

Published

Jun 12, 2019

Modified

May 20, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage. The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (4)

microsoft · windows_7vulnerable

microsoft · windows_server_2008vulnerable

References (5)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-1009

https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d%40%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/da9ee189d1756f8508d0f2386d8e25aca5a6df541739829232be8a94%40%3Cdev.tika.apache.org%3E

https://lists.apache.org/thread.html/fb6c84fd387de997e5e366d50b0ca331a328c466432c80f8c5eed33d%40%3Cdev.tika.apache.org%3E

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1009

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs