CVE-2019-0853

HIGH

Windows GDI - RCE

Title source: llm

Description

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

References (3)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0853

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-362/

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-363/

Scores

CVSS v3 8.8

EPSS 0.2465

EPSS Percentile 96.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-824

Status published

Products (17)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

... and 7 more

Published Apr 09, 2019

Tracked Since Feb 18, 2026