CVE-2019-1120

HIGH

Windows 10 and Windows Server 2016/2019 - Remote Code Execution in DirectWrite

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1120. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in AFDKO's readFDSelect function due to improper bounds checking when parsing FDSelect tables in OpenType fonts. The PoC triggers the vulnerability by manipulating the 'next' value to exceed the glyphs array size, leading to memory corruption.

Description

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/47094

View Code ZIP pw:eip

This exploit demonstrates a heap-based buffer overflow in AFDKO's readFDSelect function due to improper bounds checking when parsing FDSelect tables in OpenType fonts. The PoC triggers the vulnerability by manipulating the 'next' value to exceed the glyphs array size, leading to memory corruption.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: AFDKO (Adobe Font Development Kit for OpenType) and Microsoft DirectWrite library (Windows 10 1709+)

No auth needed

Prerequisites: A specially crafted OpenType font file with a malformed FDSelect table · A vulnerable application (e.g., Microsoft Edge) that processes the font during printing

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1120

Scores

CVSS v3 8.8

EPSS 0.1694

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published

Products (7)

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2019

Published Jul 15, 2019

Tracked Since Feb 18, 2026