cbcvebase.
CVE-2019-0555
published 2019-01-08

CVE-2019-0555: An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the…

PriorityP345high7.8CVSS 3.0
AVLACHPRLUINSCCHIHAH
EXPLOIT
EPSS
2.43%
82.2th percentile
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

Affected

22 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_10
microsoftwindows_server_2012
microsoftwindows_server_2016
microsoftwindows_server_2016
msrcwindows_10
msrcwindows_10_version_1607
msrcwindows_10_version_1703
msrcwindows_10_version_1709
msrcwindows_10_version_1803
msrcwindows_10_version_1809
msrcwindows_8.1
msrcwindows_rt_8.1
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016
msrcwindows_server_2019
msrcwindows_server_version_1709
msrcwindows_server_version_1803

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
vendor_msrc7.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.