CVE-2019-1458

CVSS 7.8 HIGHEPSS 74.4%● KEV

In short

Windows Win32k component has a flaw that allows an attacker with local access to run malicious code with higher system privileges, potentially taking full control of the computer.

Technical detail

The Win32k kernel-mode driver fails to properly validate and handle object references in memory, allowing local authenticated attackers to execute arbitrary code in kernel context via specially crafted Win32 API calls, resulting in privilege escalation to SYSTEM level.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows Microsoft · Windows Server

public PoCs found — 6

githubgithub.com/piotrflorczyk/cve-2019-1458_POC★ 181 githubgithub.com/rip1s/CVE-2019-1458★ 135 githubgithub.com/Eternit7/CVE-2019-1458★ 0 cve_referencepacketstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.htmlunverified cve_referencepacketstormsecurity.com/files/159569/Microsoft-Windows-Uninitialized-Variable-Local-Privilege-Escalation.htmlunverified exploitdbwww.exploit-db.com/exploits/48180unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/159569/Microsoft-Windows-Uninitialized-Variable-Local-Privilege-Escalation.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1458