CVE-2019-0841
Published 2019-04-09
Priority P1 · 87 · high · CVSS 3.1 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Tags: KEV · ITW · Exploit · Ransomware
CISA Known Exploited Vulnerability · due 2022-04-05
Exploited in the wild
EPSS: 41.67% (98.5th percentile)
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
Affected
38 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_10_version_1703_for_32-bit_systems | — | — |
Detection & IOCs (extracted from sources)
Path: %USERPROFILE%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Settings\Settings.dat
Path: Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe
Detections:
- Monitor for hard link creation targeting sensitive system files (e.g., C:\Windows\win.ini, C:\Windows\system32\license.rtf) from low-privileged user contexts, particularly within AppX package Settings directories.
- Alert on unexpected DACL/security descriptor modifications to SYSTEM-owned files initiated by the AppXSvc (AppX Deployment Service) process.
- Detect deletion of settings.dat (and settings.dat.LOG1/LOG2) files under AppX package Settings folders followed immediately by hard link creation in the same directory.
- Flag MicrosoftEdge.exe being forcibly terminated (taskkill) by a non-administrative user, followed by AppXSvc activity on the Edge Settings directory.
- Monitor for creation of directories matching the pattern Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Microsoft.MicrosoftEdge_*_neutral__8wekyb3d8bbwe under %LOCALAPPDATA% by low-privileged users, as this is a precursor step in the bypass exploit.
- Detect the Diagnostics Hub Standard Collector Service (DiagHub) loading a DLL from a user-writable temp path, which is the post-exploitation privilege escalation technique chained with CVE-2019-0841.
- Check the Windows 10 build number via the win32k.sys file version; builds below 17763 are confirmed vulnerable to CVE-2019-0841.
- Monitor for the IShdocvwBroker ShowOpenFile() method being invoked from a specially crafted HTML file in IE11, which can be used to break out of the IE11 sandbox when chained with an RCE.
Notes:
- The Edge version string embedded in the exploit directory path must match the currently installed Edge version on the target; the exploit will fail if the version component (e.g., 44.17763.1.0) does not match.
- The bearlpe PoC (zero-day bypass) was confirmed to work on fully patched Windows 10 32-bit and 64-bit and Windows Server 2016/2019, but could NOT be reproduced on Windows 7 or Windows 8.
- The CVE-2019-0841-BYPASS targets Microsoft Edge and was originally discovered by another researcher; the bypass was still exploitable even after the original CVE-2019-0841 patch was applied.
- The Metasploit module targets Windows 10 builds strictly prior to build 17763; build 17763 and above are flagged as 'Detected' (potentially patched) rather than 'Appears' (vulnerable).
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 6.8 | MEDIUM | — |
GHSA
CVE-2019-0796 [HIGH] GHSA-wg8w-w9w9-jc7c · ghsa_unreviewed · 2022-05-14 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
GHSA
CVE-2019-0730 [HIGH] GHSA-xpj6-7692-h85x · ghsa_unreviewed · 2022-05-14 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
GHSA
CVE-2019-0731 [HIGH] GHSA-qq99-vh6q-vg4r · ghsa_unreviewed · 2022-05-14 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836, CVE-2019-0841.
GHSA
CVE-2019-0841 [HIGH] CWE-59 GHSA-wqq2-j7vf-7rw9 · ghsa_unreviewed · 2022-05-13 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
GHSA
CVE-2019-0836 [HIGH] CWE-367 GHSA-8m52-qcff-9hc8 · ghsa_unreviewed · 2022-05-13 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0841.
GHSA
CVE-2019-0805 [HIGH] CWE-345 GHSA-f68p-qxcr-hw3p · ghsa_unreviewed · 2022-05-13 · CVSS 7.8
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841.
VulnCheck
CVE-2019-0841 [HIGH] CWE-59 Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability · vulncheck · 2019 · CVSS 7.8
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References:
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://www.tenable.com/blog/contileaks-chats-reveal-over-30-vulnerabilities-used-by-conti-ransomware-affiliates
- https://www.securin.io/articles/all-about-conti-ransomware/
Exploit PoC: https://vulncheck.com/xdb/e4ad3aaee5dd
Remediation Due: 2022-04-05
CISA
CVE-2019-0841 [HIGH] CWE-59 Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability · cisa · 2022-03-15 · CVSS 7.8
Vulnerability: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affected: Microsoft Windows
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0841
Remediation Due Date: 2022-04-05
Microsoft
CVE-2019-0841 [HIGH] Windows Elevation of Privilege Vulnerability · vendor_msrc · 2019-04-09 · CVSS 6.8
Description: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links.
Product: Microsoft Windows
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed
No detection rules found.
Exploit-DB
CVE-2019-1476 [HIGH] AppXSvc 17763 - Arbitrary File Overwrite (DoS) · exploitdb · 2019-12-11 · CVSS 7.8
---
# Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite (DoS)
# Date: 2019-10-28
# Exploit Author: Gabor Seljan
# Vendor Homepage: https://www.microsoft.com/
# Version: 17763.1.amd64fre.rs5_release.180914-1434
# Tested on: Windows 10 Version 1809 for x64-based Systems
# CVE: CVE-2019-1476
# Summary:
# AppXSvc improperly handles file hard links resulting in a low privileged user
# being able to overwrite an arbitrary file leading to elevation of privilege.
# Description:
# An elevation of privilege vulnerability exists when the AppX Deployment Server
# (AppXSvc) improperly handles file hard links. While researching CVE-2019-0841
# originally reported by Nabeel Ahmed, I have found that AppXSvc can be forced
# to overwrite an arbitrary
Exploit-DB
CVE-2019-1253 [HIGH] AppXSvc - Privilege Escalation · exploitdb · 2019-09-16 · CVSS 7.8
---
#-----------------------------------------------------------------------------#
# Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite (EoP) #
# Date: Sep 4 2019 #
# Exploit Author: Gabor Seljan #
# Vendor Homepage: https://www.microsoft.com/ #
# Version: 17763.1.amd64fre.rs5_release.180914-1434 #
# Tested on: Windows 10 Version 1809 for x64-based Systems #
# CVE: CVE-2019-1253 #
#-----------------------------------------------------------------------------#
Summary:
AppXSvc improperly handles file hard links resulting in a low privileged user
being able to take 'Full Control' of an arbitrary file leading to elevation of
privilege.
Description:
An elevation of privilege vulnerability exists when the AppX Deployment Server
(AppXSvc)
Exploit-DB
CVE-2019-0841 [HIGH] Microsoft Windows 10 < build 17763 - AppXSvc Hard Link Privilege Escalation (Metasploit) · exploitdb · 2019-07-16 · CVSS 7.8
Microsoft Windows 10 'AppXSvc Hard Link Privilege Escalation',
'Description' => %q(
There exists a privilege escalation vulnerability for
Windows 10 builds prior to build 17763. Due to the AppXSvc's
improper handling of hard links, a user can gain full
privileges over a SYSTEM-owned file. The user can then utilize
the new file to execute code as SYSTEM.
This module employs a technique using the Diagnostics Hub Standard
Collector Service (DiagHub) which was discovered by James Forshaw to
load and execute a DLL as SYSTEM.
),
'License' => MSF_LICENSE,
'Author' =>
[
'Nabeel Ahmed', # Vulnerability discovery and PoC
'James Forshaw', # Code creating hard links and communicating with DiagHub service
'Shelby Pace' # Metasploit module
],
'References' =>
[
[ 'CVE', '2019-0841' ],
[ 'URL', 'https://
Exploit-DB
CVE-2019-0841 [HIGH] Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3) · exploitdb · 2019-06-07 · CVSS 7.8
---
CVE-2019-0841 BYPASS #2
There is a second bypass for CVE-2019-0841.
This can be triggered as follows:
Delete all files and subfolders within "c:\users\%username%\appdata\local\packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\" (at least the ones we can delete as user)
Try to launch edge. It will crash the first time.
When we launch it a second time, it will write the DACL while impersonating "SYSTEM".
The trick here is to launch edge by clicking it on the taskbar or desktop, using "start microsoft-edge:" seems to result in correct impersonation.
You can still do this completely programmatically.. since edge will always be in the same position in the task bar.. *cough* sendinput *cough*. There is probably
Exploit-DB
CVE-2019-0841 [HIGH] Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2) · exploitdb · 2019-05-23 · CVSS 7.8
---
There is still a vuln in the code triggered by CVE-2019-0841
The bug that this guy found: https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
If you create the following:
(GetFavDirectory() gets the local appdata folder, fyi)
CreateDirectory(GetFavDirectory() + L"\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe",NULL);
CreateNativeHardlink(GetFavDirectory() + L"\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Microsoft.MicrosoftEdge_44.17763.1.0_neutral__8wekyb3d8bbwe\\bear3.txt", L"C:\\Windows\\win.ini");
If we create that directory and put a hardlink in it, it will write the DACL.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Exploit-DB
CVE-2019-0841 Microsoft Windows - AppX Deployment Service Privilege Escalation · exploitdb · 2019-04-09
---
This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user.
1. The exploit first checks if the targeted file exists; if it does, it will check its permissions. Since we are using Microsoft Edge for this exploit, it will kill Microsoft Edge in order to get access to the settings.dat file.
2. After Microsoft Edge is killed, it will check for the "setting.dat" file and delete it in order to create a hardlink to the requested targeted file (in our case that was the HOSTS file).
3. Once a hardlink is created Microsoft Edge is fired up again to trigger
Metasploit
AppXSvc Hard Link Privilege Escalation · metasploit
There exists a privilege escalation vulnerability for Windows 10 builds prior to build 17763. Due to the AppXSvc's improper handling of hard links, a user can gain full privileges over a SYSTEM-owned file. The user can then utilize the new file to execute code as SYSTEM. This module employs a technique using the Diagnostics Hub Standard Collector Service (DiagHub) which was discovered by James Forshaw to load and execute a DLL as SYSTEM.
Tenable
ContiLeaks: Chats Reveal Over 30 Vulnerabilities Used by Conti Ransomware – How Tenable Can Help · blogs_tenable · 2022-03-24
Securelist
IT threat evolution Q2 2019. Statistics · blogs_securelist · 2019-08-19
Table of Contents
- Quarterly figures
- Mobile threats
- Attacks on Apple macOS
- IoT attacks
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyber attacks
Authors
- Victor Chebyshev
- Fedor Sinitsyn
- Denis Parinov
- Boris Larin
- Oleg Kupreev
- Evgeny Lopatin
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
## Quarterly figures
According to Kaspersky Security Network,
- Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe.
- 217,843,293 unique URLs triggered Web Anti-Virus components.
- Attempted infections by malware designed to steal money via online access to bank accounts were
Tenable
Microsoft’s July 2019 Patch Tuesday: What You Need to Know · blogs_tenable · 2019-07-09
Tenable
Tenable Roundup for Microsoft's June 2019 Patch Tuesday · blogs_tenable · 2019-06-11
Tenable
SandboxEscaper: Local Privilege Escalation Bugs Including Four Zero-Day Vulnerabilities Disclosed · blogs_tenable · 2019-05-23
Bugzilla
CVE-2019-5057 [HIGH] SDL2_image: exploitable code execution in the PCX image-rendering leads to heap overflow · bugzilla · 2019-08-09 · CVSS 8.8
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
External References:
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0841
Discussion:
Created SDL2_image tracking bugs for this issue:
Affects: epel-7 [bug 1739403]
Affects: fedora-all [bug 1739405]
Created mingw-SDL2_image tracking bugs for this issue:
Affects: epel-all [bug 1739404]
Affects: fedora-all [bug 1739406]
---
This CVE Bugzilla entry is for community support informational purp
References:
- http://packetstormsecurity.com/files/152463/Microsoft-Windows-AppX-Deployment-Service-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153114/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153215/Microsoft-Windows-AppX-Deployment-Service-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/153642/AppXSvc-Hard-Link-Privilege-Escalation.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0841
- https://www.exploit-db.com/exploits/46683/
- https://www.zerodayinitiative.com/advisories/ZDI-19-360/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0841
Timeline:
- 2019-04-09: Published
- 2022-03-15: Added to CISA KEV
- Exploited in the wild