CVE-2019-1185Stack-based Buffer Overflow in Microsoft Windows 10 Version 1903 FOR 32-bit Systems

CWE-121Stack-based Buffer Overflow6 documents5 sources
Severity
7.3HIGHNVD
EPSS
0.8%
top 25.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Microsoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based SystemsMicrosoft Windows 10 Version 1903 FOR X64-based Systems+6 more
Timeline
PublishedAug 14
Latest updateMay 24

Description

An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by correcting how Windows Subsystem for Linux handles objects in memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages9 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-hc8w-p2wf-g46r: An elevation of privilege vulnerability exists due to a stack corruption in Windows Subsystem for Linux, aka 'Windows Subsystem for Linux Elevation of2022-05-24

📋Vendor Advisories

1
Microsoft
Windows Subsystem for Linux Elevation of Privilege Vulnerability2019-08-13

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage2019-08-13
Talos
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage2019-08-13

💬Community

1
Bugzilla
CVE-2019-12973 openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c2019-07-23
CVE-2019-1185 — Stack-based Buffer Overflow | cvebase