CVE-2019-1043 — Microsoft Windows 10 Version 1507 vulnerability

5 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

2.5%

top 14.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

22

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1703 +19 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install pr…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages22 packages

▶CVEListV5microsoft/windows_10_version_1709_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_32-bit_systems10.0.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_x64-based_systems10.0.0 — publication

▶CVEListV5microsoft/windows_server_2008_r2_systems_service_pack_16.1.0 — publication

▶CVEListV5microsoft/windows_10_version_1903_for_arm64-based_systems10.0.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-jv5f-3fwg-6pqw: A remote code execution vulnerability exists in the way that comctl32↗2022-05-24

▶

CVEList

Comctl32 Remote Code Execution Vulnerability↗2019-06-12

▶

📋Vendor Advisories

1

Microsoft

Comctl32 Remote Code Execution Vulnerability↗2019-06-11

▶

💬Community

1

Bugzilla

CVE-2019-19794 golang-github-miekg-dns: predictable TXID can lead to response forgeries↗2019-12-27

▶

CVE-2019-1043 — Microsoft vulnerability | cvebase