VDB

CVE-2019-0707

CVE-2019-0707 PUBLISHED CVSS 7 HIGH

An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it.To exploit the vulnerability, in a local attack scenario, an attacker could run a specially crafted application to elevate the attacker's privilege level, aka 'Windows NDIS Elevation of Privilege Vulnerability'.

EPSS 0.28% · 51.9th percentile

Risk Scores

CVSS 3.0
7
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.28%
51.9th percentile

Affected Products

VendorProductVersions
microsoftwindows_rt_8.1
MicrosoftWindows 10 Version 1903 for x64-based Systemsunspecified
MicrosoftWindows Server, version 1903 (Server Core installation)unspecified
microsoftwindows_8.1
microsoftwindows_server_2019
microsoftwindows_101903, 1703, 1803
MicrosoftWindows 10 Version 1903 for 32-bit Systemsunspecified
microsoftwindows_server_2012r2, r2
microsoftwindows_server_20161903, 1803, 1803
MicrosoftWindows 10 Version 1903 for ARM64-based Systemsunspecified
MicrosoftWindows Server2008 for Itanium-Based Systems Service Pack 2, 2008 for 32-bit Systems Service Pack 2, 2008 for x64-based Systems Service Pack 2
MicrosoftWindows10 Version 1709 for x64-based Systems, 10 Version 1803 for ARM64-based Systems, 10 Version 1803 for 32-bit Systems

Exploit Intelligence

Timeline

  • May 16, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • May 2, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›