Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2019-0841
PUBLISHEDAn elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...
- Vendor
- Microsoft
- Product
- Windows, Windows Server
- Published
- Apr 09, 2019
- EPSS
- —
Description
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV:L/AC:L/Au:N/C:C/I:C/A:C
SSVC decision points
- Exploitation
- active
- Automatable
- No
- Technical impact
- total
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
- https://www.exploit-db.com/exploits/46683/
- http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html
- https://www.zerodayinitiative.com/advisories/ZDI-19-360/
- http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Mar 15, 2022 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/appxsvc_hard_link_privesc.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2022-04-09 05:19:25 UTC · 0 stars
github · Created 2019-06-11 20:05:26 UTC · 59 stars
A fully automatic CVE-2019-0841 bypass targeting all versions of Edge in Windows 10.
github · Created 2019-04-10 14:58:22 UTC · 2 stars
github · Created 2019-04-05 12:53:52 UTC · 240 stars
PoC code for CVE-2019-0841 Privilege Escalation vulnerability
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Metasploit