CVE-2019-0960Microsoft Windows 7 vulnerability

5 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.2%
top 61.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 7Microsoft Windows 7 Service Pack 1Microsoft Windows Server 2008 R2 Service Pack 1+10 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could e

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages13 packages

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-prfq-57cj-p22w: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation2022-05-24
GHSA
GHSA-pw94-q2v2-66v7: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation2022-05-24
GHSA
GHSA-v97j-cq8h-mfm4: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation2022-05-24

📋Vendor Advisories

1
Microsoft
Win32k Elevation of Privilege Vulnerability2019-06-11
CVE-2019-0960 — Microsoft Windows 7 vulnerability | cvebase