VDB
GSD-2019-1224
GSD-2019-1224
PUBLISHED
CVSS 7.5 HIGH
An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems | 10.0.0 |
| Microsoft | Windows Server, version 1909 (Server Core installation) | 10.0.0 |
| Microsoft | Windows 10 Version 1903 for x64-based Systems | 10.0.0 |
| Microsoft | Windows 10 Version 1803 | 10.0.0 |
| Microsoft | Windows 10 Version 1909 | 10.0.0 |
| Microsoft | Windows Server 2019 | 10.0.0 |
| Microsoft | Windows Server 2019 (Server Core installation) | 10.0.0 |
| Microsoft | Windows Server, version 1803 (Server Core Installation) | 10.0.0 |
| Microsoft | Windows 10 Version 1809 | 10.0.0 |
| Microsoft | Windows 10 Version 1903 for 32-bit Systems | 10.0.0 |
| Microsoft | Windows Server, version 1903 (Server Core installation) | 10.0.0 |
Timeline
- May 7, 2019 CVE Published
- Nov 8, 2019 PoC Published
- Jan 31, 2025 PoC Published
- Feb 13, 2025 PoC Published
- Apr 17, 2026 Security Advisory