Windows Graphics Component Information Disclosure Vulnerability

ID MS:CVE-2020-0885
Type mscve
Reporter Microsoft
Modified 2020-03-10T07:00:00


An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system.

There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document or by convincing a user to visit an untrusted webpage.

The update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.