CVE-2019-1174 — Improper Access Control Applied to Mirrored or Aliased Memory Regions in Microsoft Windows 10 Version 1809
Severity
7.0HIGHNVD
EPSS
0.1%
top 64.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 14
Latest updateMay 24
Description
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages15 packages
Patches
🔴Vulnerability Details
9GHSA▶
GHSA-5xj6-qhjx-f6xh: An elevation of privilege vulnerability exists in the way that the wcmsvc↗2022-05-24
GHSA▶
GHSA-82mq-2jww-m58g: An elevation of privilege vulnerability exists in the way that the unistore↗2022-05-24
GHSA▶
GHSA-f245-h455-7hqv: An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost↗2022-05-24
GHSA▶
GHSA-vfjm-94qj-mfgw: An elevation of privilege vulnerability exists in the way that the ssdpsrv↗2022-05-24
GHSA▶
GHSA-5fw3-2234-g822: An elevation of privilege vulnerability exists in the way that the psmsrv↗2022-05-24