What is the severity of CVE-2019-0903?

CVE-2019-0903 has a critical severity level due to its potential for remote code execution.

How do I fix CVE-2019-0903?

To fix CVE-2019-0903, users should apply the latest security updates provided by Microsoft for affected Windows versions.

Which software is affected by CVE-2019-0903?

CVE-2019-0903 affects Microsoft Windows 10, Windows 7, Windows 8.1, and various versions of Windows Server.

Can CVE-2019-0903 be exploited remotely?

Yes, CVE-2019-0903 can be exploited remotely without authentication, allowing attackers to execute arbitrary code.

What systems are impacted by CVE-2019-0903?

CVE-2019-0903 impacts systems running Microsoft Graphics Device Interface (GDI) across multiple Windows operating systems.

Vulnerability/
CVE-2019-0903

Exploited

critical

9.3

16/5/2019

7/2/2025

CVE-2019-0903: Microsoft GDI Remote Code Execution Vulnerability

First published: Thu May 16 2019(Updated: )

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Graphics Device Interface
Windows 10
Windows 10	=1607
Windows 10	=1703
Windows 10	=1709
Windows 10	=1803
Windows 10	=1809
Windows 10	=1903
Microsoft Windows 7	=sp1
Microsoft Windows
Microsoft Windows RT
Microsoft Windows Server	=sp2
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016
Microsoft Windows Server 2016	=1803
Microsoft Windows Server 2016	=1903
Microsoft Windows Server 2019

Remedy

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0903

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-0903?
CVE-2019-0903 has a critical severity level due to its potential for remote code execution.
How do I fix CVE-2019-0903?
To fix CVE-2019-0903, users should apply the latest security updates provided by Microsoft for affected Windows versions.
Which software is affected by CVE-2019-0903?
CVE-2019-0903 affects Microsoft Windows 10, Windows 7, Windows 8.1, and various versions of Windows Server.
Can CVE-2019-0903 be exploited remotely?
Yes, CVE-2019-0903 can be exploited remotely without authentication, allowing attackers to execute arbitrary code.
What systems are impacted by CVE-2019-0903?
CVE-2019-0903 impacts systems running Microsoft Graphics Device Interface (GDI) across multiple Windows operating systems.

agent/type
agent/description
agent/title
agent/remedy
agent/first-publish-date
agent/references
agent/author
agent/event
agent/source
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
collector/nvd-cve
vendor/microsoft
canonical/microsoft graphics device interface
canonical/windows 10
version/windows 10/1607
version/windows 10/1703
version/windows 10/1709
version/windows 10/1803
version/windows 10/1809
version/windows 10/1903
canonical/microsoft windows 7
version/microsoft windows 7/sp1
canonical/microsoft windows
canonical/microsoft windows rt
canonical/microsoft windows server
version/microsoft windows server/sp2
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows server 2016
version/microsoft windows server 2016/1803
version/microsoft windows server 2016/1903
canonical/microsoft windows server 2019