Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-0730 — Link Following in Microsoft Windows
Severity
7.8HIGHNVD
NVD5.5
EPSS
3.1%
top 13.17%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 9
Latest updateMay 14
Description
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages20 packages
Patches
🔴Vulnerability Details
6GHSA▶
GHSA-wg8w-w9w9-jc7c: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-xpj6-7692-h85x: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-qq99-vh6q-vg4r: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-wqq2-j7vf-7rw9: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of↗2022-05-13
GHSA▶
GHSA-8m52-qcff-9hc8: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-13
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation↗2019-04-16