CVE-2019-1149

Name of the Vulnerable Software and Affected Versions Windows (affected versions not specified)

Description A remote code execution issue exists due to the improper handling of specially crafted embedded fonts by the Windows font library. This could allow an attacker to take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. The impact may be less severe for users with limited user rights. Attackers could exploit this issue through various means, including hosting a specially crafted website or providing a malicious document file, and then convincing users to access the content. The vulnerability is addressed by correcting how the Windows font library handles embedded fonts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.