Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2019-1102: GDI+ Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2019-1102: GDI+ Remote Code Execution Vulnerability

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
07/09/2019
Created
07/10/2019
Added
07/09/2019
Modified
09/11/2024

Description

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

Solution(s)

  • microsoft-windows-windows_10-1507-kb4507458
  • microsoft-windows-windows_10-1607-kb4507460
  • microsoft-windows-windows_10-1703-kb4507450
  • microsoft-windows-windows_10-1709-kb4507455
  • microsoft-windows-windows_10-1803-kb4507435
  • microsoft-windows-windows_10-1809-kb4507469
  • microsoft-windows-windows_10-1903-kb4507453
  • microsoft-windows-windows_server_2012-kb4507464
  • microsoft-windows-windows_server_2012_r2-kb4507457
  • microsoft-windows-windows_server_2016-1607-kb4507460
  • microsoft-windows-windows_server_2019-1809-kb4507469
  • msft-kb4507453-8cedcb21-0200-433d-b32d-2d5ef741adec
  • msft-kb4507456-256714d3-2030-469c-8c6a-f30ff5ea5a10
  • msft-kb4507456-5c94bfe0-3546-493d-8de2-61342cbf5b96
  • msft-kb4507456-7cdee6a8-6f30-423e-b02c-3453e14e3a6e
  • msft-kb4507456-8ef94183-d630-48d8-8a60-d1a66f5bf53d
  • msft-kb4507456-a1f24376-4aff-404e-bb04-f6d00686d6dc
  • msft-kb4507456-df8085cf-9e2a-463b-92f3-e8c2dd920fe0
  • msft-kb4507457-3848287d-d32e-4e7b-b6a1-798ba1329599
  • msft-kb4507457-d8ac2164-d4d1-442d-adfa-0b5a886bd8c0
  • msft-kb4507461-585d930e-fe25-4ca6-ad2f-8ec034309c40
  • msft-kb4507461-6e49345e-8807-48dd-be6d-fb5433bcddcd
  • msft-kb4507461-f8662637-4580-4357-90a2-1e71f6c51021
  • msft-kb4507464-53bbafce-c9f3-4c30-aeff-c2ffb48b3773
  • msft-kb4507464-a4fb9a27-eaf9-4ace-8ae1-31cd7b5621d7

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;