Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-1184 — Improper Privilege Management in Microsoft Windows 10 Version 1803
Severity
6.7MEDIUMNVD
EPSS
7.3%
top 8.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedAug 14
Latest updateMay 24
Description
An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The u…
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9
Affected Packages20 packages
Patches
🔴Vulnerability Details
9GHSA▶
GHSA-5xj6-qhjx-f6xh: An elevation of privilege vulnerability exists in the way that the wcmsvc↗2022-05-24
GHSA▶
GHSA-82mq-2jww-m58g: An elevation of privilege vulnerability exists in the way that the unistore↗2022-05-24
GHSA▶
GHSA-f245-h455-7hqv: An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost↗2022-05-24
GHSA▶
GHSA-vfjm-94qj-mfgw: An elevation of privilege vulnerability exists in the way that the ssdpsrv↗2022-05-24
GHSA▶
GHSA-5fw3-2234-g822: An elevation of privilege vulnerability exists in the way that the psmsrv↗2022-05-24