Windows GDI Information Disclosure Vulnerability (CVE-2019-0802) Key Information CVE ID: CVE-2019-0802 Release Date: April 9, 2019 Assigning CNA: Microsoft Executive Summary An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. Successful exploitation could allow an attacker to obtain information to further compromise the user's system. Attack vectors include convincing a user to open a specially crafted document or visit an untrusted webpage. The security update corrects how the Windows GDI component handles objects in memory. Exploitability Publicly Disclosed: No Exploited: No Exploitability Assessment: Exploitation Less Likely FAQ Type of Information Disclosed: uninitialized memory