CVE-2019-0840 — Vulnetix

CVE-2019-0840 PUBLISHED CVSS 7.800000190734863 HIGH

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

EPSS 0.74% · 73.2th percentile

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.74%

73.2th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Windows	8.1 for 32-bit systems, RT 8.1, 10 for 32-bit Systems
Microsoft	Windows Server	2019, 2019 (Core installation), 2008 R2 for x64-based Systems Service Pack 1 (Core installation)

Exploit Intelligence

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803 (circl)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803 (circl)
http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html (circl)
CIRCL exploited: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)
CIRCL seen: CVE-2019-0803 (circl-sighting)

…and 54 more exploits

Timeline

May 23, 2014 PoC Published
Apr 9, 2019 CVE Published
Apr 10, 2019 PoC Published
Jul 18, 2019 PoC Published
Jan 21, 2020 PoC Published
Jun 26, 2020 PoC Published
Aug 17, 2020 PoC Published
Sep 17, 2020 PoC Published
Oct 3, 2020 PoC Published
Oct 9, 2020 PoC Published
Oct 20, 2020 PoC Published
Oct 20, 2020 PoC Published

References

Open in Interactive Console →