CVE-2019-0803

CVSS 7.8 HIGHEPSS 45.2%● KEV

In short

Windows Win32k component fails to properly manage memory objects, allowing an attacker with local access to gain higher system privileges. This is a serious flaw because it lets someone take control of your computer.

Technical detail

Win32k memory object handling vulnerability enabling privilege escalation from local user context to SYSTEM or higher. Requires local code execution as a prerequisite; no network vector. Impact includes complete system compromise and unauthorized access to sensitive data and kernel-level resources.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows Microsoft · Windows Server

public PoCs found — 4

githubgithub.com/ExpLife0011/CVE-2019-0803★ 83 githubgithub.com/Iamgublin/CVE-2019-0803★ 1 cve_referencepacketstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.htmlunverified exploitdbwww.exploit-db.com/exploits/46920unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/153034/Microsoft-Windows-Win32k-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0803 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0803