CVE-2019-1235Origin Validation Error in Microsoft Windows

CWE-346Origin Validation Error4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 67.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
25
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+22 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages23 packages

CVEListV5microsoft/windows_server17 versions+16

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-mg77-6v9g-p6gc: An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of inp2022-05-24

📋Vendor Advisories

1
Microsoft
Windows Text Service Framework Elevation of Privilege Vulnerability2019-09-10

🕵️Threat Intelligence

1
Tenable
Microsoft's September 2019 Patch Tuesday: Tenable Roundup2019-09-10
CVE-2019-1235 — Origin Validation Error in Microsoft | cvebase