Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-0836 — Link Following in Microsoft Windows
Severity
7.8HIGHNVD
NVD5.5
EPSS
24.8%
top 3.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedApr 9
Latest updateMay 14
Description
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages20 packages
Patches
🔴Vulnerability Details
7GHSA▶
GHSA-wg8w-w9w9-jc7c: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-xpj6-7692-h85x: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-qq99-vh6q-vg4r: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-14
GHSA▶
GHSA-wqq2-j7vf-7rw9: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of↗2022-05-13
GHSA▶
GHSA-8m52-qcff-9hc8: An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv↗2022-05-13
💥Exploits & PoCs
1Exploit-DB▶
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation↗2019-04-16