CVE-2019-1418

Опубликовано: 12 нояб. 2019

Источник: msrc

CVSS3: 3.5

EPSS Низкий

Описание

Windows Modules Installer Service Information Disclosure Vulnerability

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of a log file on disk.

To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.

The update addresses the vulnerability by changing the way Windows Modules Installer Service discloses file information.

FAQ

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for Itanium-Based Systems Service Pack 2	4525234 4525239	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2	4525234 4525239	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	4525234 4525239	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	4525234 4525239	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	4525235 4525233	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	4525235 4525233	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	4525235 4525233	Monthly Rollup Security Only
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1	4525235 4525233	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	4525235 4525233	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	4525234 4525239	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 80%

0.0141

Низкий

3.5 Low

CVSS3

Связанные уязвимости

CVE-2019-1418

CVSS3: 3.3

nvd

около 6 лет назад

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.

GHSA-prh3-4qp6-8m82

github

больше 3 лет назад