cbcvebase.
CVE-2019-0547
published 2019-01-08

CVE-2019-0547: A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP…

PriorityP270critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
71.36%
99.3th percentile
A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client, aka "Windows DHCP Client Remote Code Execution Vulnerability." This affects Windows 10, Windows 10 Servers.

Affected

9 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10_servers
msrcwindows_10_version_1803_for_32-bit_systems
msrcwindows_10_version_1803_for_arm64-based_systems
msrcwindows_10_version_1803_for_x64-based_systems
msrcwindows_server_version_1803

Detection & IOCsextracted from sources · hover to see the quote

  • Exploit vector requires attacker to send specially crafted DHCP responses to a target Windows DHCP client; monitor for anomalous or malformed DHCP response packets on the network targeting Windows 10 / Windows 10 Server hosts
  • ·At time of disclosure, the vulnerability had not been publicly disclosed or actively exploited in the wild
  • ·The patch (KB4480966) corrects how Windows DHCP clients handle certain DHCP responses; patching is the primary mitigation

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.