CVE-2019-1267Link Following in Microsoft Windows

CWE-59Link FollowingCWE-269Improper Privilege Management11 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 35.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
24
Microsoft WindowsMicrosoft Windows 10 Version 1903 FOR 32-bit SystemsMicrosoft Windows 10 Version 1903 FOR Arm64-based Systems+21 more
Timeline
PublishedSep 11
Latest updateMay 24

Description

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks, aka 'Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages22 packages

CVEListV5microsoft/windows19 versions+18
NVDmicrosoft/windowsr2, 1803, 1903+2
NVDmicrosoft/windows_106 versions+5
CVEListV5microsoft/windows_server10 versions+9

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-rw23-mpwm-7vmh: An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable t2022-05-24

📋Vendor Advisories

1
Microsoft
Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability2019-09-10

💬Community

6
Bugzilla
CVE-2019-9797 Mozilla: Cross-origin theft of images with createImageBitmap2019-05-22
Bugzilla
CVE-2019-9819 Mozilla: Compartment mismatch with fetch API2019-05-22
Bugzilla
CVE-2019-9817 Mozilla: Stealing of cross-domain images using canvas2019-05-22
Bugzilla
CVE-2019-11692 Mozilla: Use-after-free removing listeners in the event listener manager2019-05-22
Bugzilla
CVE-2019-9820 Mozilla: Use-after-free of ChromeEventHandler by DocShell2019-05-22
CVE-2019-1267 — Link Following in Microsoft Windows | cvebase