CVE-2019-1132

Опубликовано: 09 июл. 2019

Источник: msrc

CVSS3: 7.8

EPSS Средний

Описание

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for Itanium-Based Systems Service Pack 2	4507452 4507461	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2	4507452 4507461	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4507452 4507461	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4507452 4507461	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4507449 4507456	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4507449 4507456	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4507449 4507456	Monthly Rollup Security Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1	4507449 4507456	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4507449 4507456	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4507452 4507461	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Yes

Latest Software Release

N/A

Older Software Release

Exploitation Detected

DOS

N/A

EPSS

Процентиль: 97%

0.35636

Средний

7.8 High

CVSS3

Связанные уязвимости

CVE-2019-1132

CVSS3: 7.8

nvd

больше 6 лет назад

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

GHSA-wjj5-qcfr-vxxf

CVSS3: 7.8

github

больше 3 лет назад

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

BDU:2019-02660

CVSS3: 7.8

fstec

больше 6 лет назад

Уязвимость компонента Win32k операционной системы Windows, позволяющая нарушителю выполнить произвольный код в режиме ядра

EPSS

Процентиль: 97%

0.35636

Средний

7.8 High

CVSS3