CVE-2019-1362

Опубликовано: 08 окт. 2019

Источник: msrc

CVSS3: 7

EPSS Низкий

Описание

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for Itanium-Based Systems Service Pack 2	4520002 4520009	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2	4520002 4520009	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4520002 4520009	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4520002 4520009	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4519976 4520003	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4519976 4520003	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4519976 4520003	Monthly Rollup Security Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1	4519976 4520003	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4519976 4520003	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4520002 4520009	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

N/A

Older Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 83%

0.02102

Низкий

7 High

CVSS3

Связанные уязвимости

CVE-2019-1362

CVSS3: 7.8

nvd

почти 6 лет назад

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.

GHSA-mwp7-fqpw-fwvh

github

больше 3 лет назад

BDU:2019-04757