CVSS: 8.8EPSS: 11%CPEs: 18EXPL: 0CVE-2019-1419 – Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1419
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts, aka 'OpenType Font Parsing Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1456. Se presenta una vulnerabilidad de ejecución de código remota en Microsoft Windows cuando la Windows Adobe Type Manager Library maneja inapropiadamente las fuentes OpenType especialmente diseñadas, también se conoce como "OpenType Font Parsing Remote Code Execution Vulnerability". Este ID de CVE es diferente de CVE-2019-1456. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419 https://www.zerodayinitiative.com/advisories/ZDI-19-977 •
CVSS: 3.3EPSS: 0%CPEs: 18EXPL: 0CVE-2019-1418
https://notcve.org/view.php?id=CVE-2019-1418
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de información cuando el Windows Modules Installer Service divulga inapropiadamente información de archivos, también se conoce como "Windows Modules Installer Service Information Disclosure Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2019-1415
https://notcve.org/view.php?id=CVE-2019-1415
An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations.To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. Se presenta una vulnerabilidad de elevación de privilegios en Windows Installer debido a la manera en que Windows Installer maneja ciertas operaciones del sistema de archivos. Para explotar la vulnerabilidad, un atacante requeriría una ejecución no privilegiada en el sistema víctima, también se conoce como "Windows Installer Elevation of Privilege Vulnerability". • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415 •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-1412 – Microsoft Windows Kernel Type 1 Font Processing Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1412
An information disclosure vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka 'OpenType Font Driver Information Disclosure Vulnerability'. Se presenta una vulnerabilidad de divulgación de información en Windows Adobe Type Manager Font Driver (ATMFD.dll), cuando no es capaz de manejar apropiadamente objetos en la memoria, también se conoce como "OpenType Font Driver Information Disclosure Vulnerability". This vulnerability allows attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Type 1 fonts in the Windows kernel. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412 https://www.zerodayinitiative.com/advisories/ZDI-19-980 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 11%CPEs: 18EXPL: 0CVE-2019-1411 – Microsoft Windows DirectWrite Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-1411
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1432. Se presenta una vulnerabilidad de divulgación de información cuando DirectWrite divulga inapropiadamente el contenido de su memoria, también se conoce como "DirectWrite Information Disclosure Vulnerability". Este ID de CVE es diferente de CVE-2019-1432. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411 https://www.zerodayinitiative.com/advisories/ZDI-19-973 • CWE-125: Out-of-bounds Read •