First published: Thu May 16 2019(Updated: )
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Graphics Device Interface | ||
Windows 10 | ||
Windows 10 | =1607 | |
Windows 10 | =1703 | |
Windows 10 | =1709 | |
Windows 10 | =1803 | |
Windows 10 | =1809 | |
Windows 10 | =1903 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows | ||
Microsoft Windows RT | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 | =1803 | |
Microsoft Windows Server 2016 | =1903 | |
Microsoft Windows Server 2019 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0903 has a critical severity level due to its potential for remote code execution.
To fix CVE-2019-0903, users should apply the latest security updates provided by Microsoft for affected Windows versions.
CVE-2019-0903 affects Microsoft Windows 10, Windows 7, Windows 8.1, and various versions of Windows Server.
Yes, CVE-2019-0903 can be exploited remotely without authentication, allowing attackers to execute arbitrary code.
CVE-2019-0903 impacts systems running Microsoft Graphics Device Interface (GDI) across multiple Windows operating systems.