CVE-2019-1021Microsoft Windows 10 Version 1703 vulnerability

22 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.3%
top 46.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
11
Microsoft Windows 10 Version 1703Microsoft Windows 10 Version 1709Microsoft Windows 10 Version 1709 FOR 32-bit Systems+8 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This vulnerability by itself does not allow arbitrary code to be run. However, this vulnerability could be used in conjunction with one or more vulnerabilities (e.g. a remote code execution vulnerability and ano

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages11 packages

CVEListV5microsoft/windows_server_201910.0.17763.0publication
CVEListV5microsoft/windows_10_version_170310.0.0publication
CVEListV5microsoft/windows_10_version_170910.0.0publication
CVEListV5microsoft/windows_10_version_180310.0.0publication
CVEListV5microsoft/windows_10_version_180910.0.17763.0publication+1

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-whc2-3vhp-2qhv: An elevation of privilege exists in Windows Audio Service, aka 'Windows Audio Service Elevation of Privilege Vulnerability'2022-05-24
CVEList
Windows Audio Service Elevation of Privilege Vulnerability2019-06-12

📋Vendor Advisories

1
Microsoft
Windows Audio Service Elevation of Privilege Vulnerability2019-06-11

💬Community

18
Bugzilla
CVE-2019-5826 chromium-browser: Use-after-free in IndexedDB2019-05-07
Bugzilla
CVE-2019-5825 chromium-browser: Out-of-bounds write in V82019-05-07
Bugzilla
CVE-2019-5811 chromium-browser: CORS bypass in Blink2019-04-25
Bugzilla
CVE-2019-5819 chromium-browser: Incorrect escaping in developer tools2019-04-25
Bugzilla
CVE-2019-5808 chromium-browser: Use after free in Blink2019-04-25
CVE-2019-1021 — Microsoft vulnerability | cvebase