CVE-2019-0718 — Improper Input Validation in Microsoft Windows 10 Version 1507

CWE-20 — Improper Input Validation6 documents5 sources

Severity

5.8MEDIUMNVD

EPSS

1.2%

top 20.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1703 +10 more

Timeline

PublishedAug 14

Latest updateJan 13

Description

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system. An attacker who successfully exploited the vulnerability could cause the host server to crash. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash. The upd…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 1.3 | Impact: 4.0

Affected Packages14 packages

▶CVEListV5microsoft/windows_server_20126.2.0 — publication

▶CVEListV5microsoft/windows_server_201610.0.0 — publication

▶CVEListV5microsoft/windows_server_201910.0.0 — publication

▶CVEListV5microsoft/windows_server_2012_r26.3.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

OSV

libxmltok vulnerabilities↗2025-01-13

▶

OSV

libxmltok vulnerabilities↗2022-07-19

▶

GHSA

GHSA-53v3-5x5v-xq33: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged use↗2022-05-24

▶

CVEList

Windows Hyper-V Denial of Service Vulnerability↗2019-08-14

▶

📋Vendor Advisories

Microsoft

Windows Hyper-V Denial of Service Vulnerability↗2019-08-13

▶