CVE-2019-1108

MEDIUM EXPLOITED IN THE WILD RANSOMWARE

Windows RDP - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'.

Exploits (1)

nomisec WRITEUP 2 stars

by Lanph3re · poc

https://github.com/Lanph3re/cve-2019-1108

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1108

Scores

CVSS v3 6.5

EPSS 0.2346

EPSS Percentile 96.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2021-08-19

InTheWild.io 2021-08-19

Ransomware Use Confirmed

CWE

CWE-200

Status published

Products (18)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 8 more

Published Jul 15, 2019

Tracked Since Feb 18, 2026