CVE-2019-1108

MEDIUM EXPLOITED IN THE WILD RANSOMWARE

Windows RDP Client - Information Disclosure via Memory Exposure

Title source: llm

Exploitation Summary

CVE-2019-1108 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io), including in ransomware campaigns. EIP tracks 1 public exploit from researchers including Lanph3re.

AI-analyzed exploit summary This repository provides a brief description of CVE-2019-1108, an information disclosure vulnerability in the Windows RDP client. It includes a high-level overview of the vulnerability and its impact, but lacks technical depth or exploit code.

Description

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.

Exploits (1)

nomisec WRITEUP 2 stars

by Lanph3re · poc

https://github.com/Lanph3re/cve-2019-1108

View Code ZIP pw:eip

This repository provides a brief description of CVE-2019-1108, an information disclosure vulnerability in the Windows RDP client. It includes a high-level overview of the vulnerability and its impact, but lacks technical depth or exploit code.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Windows RDP client

No auth needed

Prerequisites: Remote access to an affected system · Specially crafted application

MITRE ATT&CK

T1040 - Network Sniffing

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1108

Scores

CVSS v3 6.5

EPSS 0.1071

EPSS Percentile 95.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-08-19

InTheWild.io 2021-08-19

Ransomware Use Confirmed

CWE

CWE-200

Status published

Products (18)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 8 more

Published Jul 15, 2019

Tracked Since Feb 18, 2026