CVE-2019-1132

7.8

CVSS
High

PUBLISHED

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...

Exploited in the wild Low complexity No user interaction

Vendor: Microsoft
Product: Windows, Windows Server
Published: Jul 29, 2019
EPSS: —

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

windows cisa microsoft

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2022-03-15 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Mar 15, 2022

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

petercc/CVE-2019-1132

github · Created 2019-07-31 02:30:28 UTC · 3 stars

CVE-2019-1132

Vlad-tri/CVE-2019-1132

github · Created 2019-07-26 06:51:28 UTC · 61 stars

EoP POC for CVE-2019-1132

Vulnerability detail

CVE-2019-1132

Description

CVSS scores

Exploitation status

SSVC decision points

References

Known exploited vulnerability sources

Potential proof of concepts

Timeline