Windows Graphics Device Interface

CVEs (13)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2007-2237	Microsoft Windows Xp	Med	0.44	5.5	0.61		Jun 6, 2007	Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
CVE-2019-0903	Microsoft Windows		0.15	—	0.34	KEV	May 16, 2019	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2020-0883	Microsoft Windows		0.04	—	0.53		Mar 12, 2020	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.
CVE-2018-8397	Microsoft Windows Server 2008		0.03	—	0.36		Aug 15, 2018	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
CVE-2019-1102	Microsoft Windows		0.02	—	0.25		Jul 29, 2019	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2020-16911	Microsoft Windows Server 2012		0.01	—	0.18		Oct 16, 2020	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
CVE-2020-1285	Microsoft Windows 7		0.01	—	0.14		Sep 11, 2020	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
CVE-2020-16914	Microsoft Windows 7		0.00	—	0.01		Oct 16, 2020	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code…
CVE-2020-1480	Microsoft Windows 10 1809		0.00	—	0.01		Aug 17, 2020	An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…
CVE-2020-0916	Microsoft Windows		0.00	—	0.00		Jun 9, 2020	An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915.
CVE-2020-1141	Microsoft Windows		0.00	—	0.01		May 21, 2020	An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is…
CVE-2020-1142	Microsoft Windows		0.00	—	0.00		May 21, 2020	An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.
CVE-2018-0817	Microsoft Windows		0.00	—	0.01		Mar 14, 2018	The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation…

CVE-2007-2237MedJun 6, 2007
Microsoft
Windows Xp
risk 0.44cvss 5.5epss 0.61
Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.
CVE-2019-0903KEVMay 16, 2019
Microsoft
Windows
risk 0.15cvss —epss 0.34
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2020-0883Mar 12, 2020
Microsoft
Windows
risk 0.04cvss —epss 0.53
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0881.
CVE-2018-8397Aug 15, 2018
Microsoft
Windows Server 2008
risk 0.03cvss —epss 0.36
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
CVE-2019-1102Jul 29, 2019
Microsoft
Windows
risk 0.02cvss —epss 0.25
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.
CVE-2020-16911Oct 16, 2020
Microsoft
Windows Server 2012
risk 0.01cvss —epss 0.18
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
CVE-2020-1285Sep 11, 2020
Microsoft
Windows 7
risk 0.01cvss —epss 0.14
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install…
CVE-2020-16914Oct 16, 2020
Microsoft
Windows 7
risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code…
CVE-2020-1480Aug 17, 2020
Microsoft
Windows 10 1809
risk 0.00cvss —epss 0.01
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view,…
CVE-2020-0916Jun 9, 2020
Microsoft
Windows
risk 0.00cvss —epss 0.00
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0915.
CVE-2020-1141May 21, 2020
Microsoft
Windows
risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is…
CVE-2020-1142May 21, 2020
Microsoft
Windows
risk 0.00cvss —epss 0.00
An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.
CVE-2018-0817Mar 14, 2018
Microsoft
Windows
risk 0.00cvss —epss 0.01
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation…