CVE-2019-0797

CVSS 7.8 HIGHEPSS 1.9%● KEV

In short

A flaw in Windows' Win32k component allows an attacker with local access to gain higher privileges on the system. The component incorrectly manages certain objects in memory, which can be exploited to escalate from a regular user to administrator level.

Technical detail

Win32k fails to properly validate or handle certain object references in memory, enabling a local attacker to trigger a use-after-free or similar memory corruption condition. Successful exploitation requires local code execution capability and results in privilege escalation to SYSTEM or Administrator context.

Summary generated and translated by AI from the official description.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Microsoft · Windows Microsoft · Windows Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0797