A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.
CVE-2019-1128
This high-severity CVE scores 8.8 under NVD CVSS v3. EPSS exploit probability: 34.7%, top 3% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- High severity, but no confirmed exploitation yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 8.8
- EG Score
- 8.8(medium)
- EPSS
- 96.7%
- KEV
- Not listed
Published
July 15, 2019
Last Modified
November 21, 2024
References (2)
- secure@microsofthttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1128
- af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1128
All Vendor Advisories
(1)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Publicly available exploits
(1 reference)Working exploit code is in the public domain (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-47095✓ verifiedFirst seen Jul 10, 2019
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readCharset
Open source ↗
Frequently asked(5)
What is CVE-2019-1128?
When was CVE-2019-1128 disclosed?
Is CVE-2019-1128 actively exploited?
What is the CVSS score of CVE-2019-1128?
How do I remediate CVE-2019-1128?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-1128
Is Your Infrastructure Affected by CVE-2019-1128?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.