← back
CVE-2019-1132

CVE-2019-1132

CVSS 7.8 HIGHEPSS 9.8%● KEV
In short

A flaw in Windows' Win32k component allows an attacker with local access to gain higher privileges than they should have. This happens because the component doesn't properly manage objects in memory, creating an opening for privilege escalation.

Technical detail

Win32k elevation of privilege vulnerability resulting from improper object memory handling. Attack vector is local; requires attacker to already have user-level code execution. Successful exploitation grants kernel-level privileges, bypassing security boundaries.

Summary generated and translated by AI from the official description.
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Microsoft · WindowsMicrosoft · Windows Server
public PoCs found3
githubgithub.com/Vlad-tri/CVE-2019-113261githubgithub.com/petercc/CVE-2019-11323exploitdbwww.exploit-db.com/exploits/47176unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1132