CVE-2019-1007Improper Privilege Management in Microsoft Windows 10 Version 1507

CWE-269Improper Privilege Management4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 50.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1703+10 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and ano

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages14 packages

CVEListV5microsoft/windows_server_201610.0.14393.0publication
CVEListV5microsoft/windows_server_201910.0.17763.0publication
CVEListV5microsoft/windows_10_version_150710.0.10240.0publication
CVEListV5microsoft/windows_10_version_160710.0.14393.0publication
CVEListV5microsoft/windows_10_version_170310.0.0publication

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-3v6r-pw5p-6hc2: An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'2022-05-24
CVEList
Windows Audio Service Elevation of Privilege Vulnerability2019-06-12

📋Vendor Advisories

1
Microsoft
Windows Audio Service Elevation of Privilege Vulnerability2019-06-11
CVE-2019-1007 — Improper Privilege Management | cvebase