CVE-2019-1346
published 2019-10-10CVE-2019-1346: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is…
PriorityP344medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EXPLOIT
EPSS
10.22%
95.1th percentile
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvdv2.07.1HIGHAV:N/AC:M/Au:N/C:N/I:N/A:C
vendor_msrc5.7MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mg6w-cj2x-52x8: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
ghsa_unreviewed·2022-05-24·CVSS 6.5
CVE-2019-1343 [MEDIUM] GHSA-mg6w-cj2x-52x8: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.
GHSA
GHSA-c9jj-7jgm-qvp7: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
ghsa_unreviewed·2022-05-24·CVSS 6.5
CVE-2019-1347 [MEDIUM] GHSA-c9jj-7jgm-qvp7: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
GHSA
GHSA-j5gc-2q3p-gfx8: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
ghsa_unreviewed·2022-05-24·CVSS 6.5
CVE-2019-1346 [MEDIUM] GHSA-j5gc-2q3p-gfx8: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
Microsoft
Windows Denial of Service Vulnerability
vendor_msrc·2019-10-08·CVSS 5.7
CVE-2019-1346 [MEDIUM] Windows Denial of Service Vulnerability
Windows Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to cause a target system to stop responding.
The update addresses the vulnerability by correcting how Windows handles objects in memory.
Microsoft Windows: Microsoft Windows
Microsoft: Microsoft
Customer Action Required: Yes
Impact: D
No detection rules found.
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.
CVE-2019-1333 is a client-side remote execution vulne
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
## Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here .
## Critical vulnerabilities Microsoft disclosed nine critical vulnerabilities this month, eight of
http://packetstormsecurity.com/files/154801/Microsoft-Windows-Kernel-CI-HashKComputeFirstPageHash-Out-Of-Bounds-Read.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346http://packetstormsecurity.com/files/154801/Microsoft-Windows-Kernel-CI-HashKComputeFirstPageHash-Out-Of-Bounds-Read.htmlhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1346
2019-10-10
Published