Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0943Microsoft Windows 10 Version 1507 vulnerability

5 documents5 sources
Severity
7.8HIGHNVD
EPSS
4.4%
top 10.93%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
21
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1703+18 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially craft

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages21 packages

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-58h5-x5rq-8fvp: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC)2022-05-24
CVEList
Windows ALPC Elevation of Privilege Vulnerability2019-06-12

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation2019-06-24

📋Vendor Advisories

1
Microsoft
Windows ALPC Elevation of Privilege Vulnerability2019-06-11
CVE-2019-0943 — Microsoft vulnerability | cvebase