CVE-2019-1225

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:36

Type Values Removed Values Added
References () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225 - Patch, Vendor Advisory () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1225 - Patch, Vendor Advisory

29 May 2024, 17:16

Type Values Removed Values Added
Summary (en) An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Server Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1224. (en) An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Windows RDP server initializes memory.

Information

Published : 2019-08-14 21:15

Updated : 2024-11-21 04:36


NVD link : CVE-2019-1225

Mitre link : CVE-2019-1225

CVE.ORG link : CVE-2019-1225


JSON object : View

Products Affected

microsoft

  • windows_server_2019
  • windows_10
  • windows_server_2016
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor