VDB
GSD-2019-0863
GSD-2019-0863
PUBLISHED
CVSS 7.800000190734863 HIGH
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 10 Version 1903 for 32-bit Systems | unspecified |
| Microsoft | Windows Server, version 1903 (Server Core installation) | unspecified |
| Microsoft | Windows Server | *, *, 2012 |
| Microsoft | Windows 10 Version 1903 for x64-based Systems | * |
| Microsoft | Windows | 7 for 32-bit Systems Service Pack 1, *, 10 Version 1809 for 32-bit Systems |
| Microsoft | Windows 10 Version 1903 for ARM64-based Systems | unspecified |
Timeline
- May 14, 2019 CVE Published
- May 15, 2019 PoC Published
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Dec 24, 2024 PoC Published
- Jan 31, 2025 PoC Published
- Feb 13, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Aug 31, 2025 PoC Published
- Feb 2, 2026 PoC Published
- Apr 16, 2026 Security Advisory
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863 advisory
- http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0863 advisory