PRIOn knowledge basePRION:CVE-2019-0685

HistoryApr 09, 2019 - 9:29 p.m.

Privilege escalation

2019-04-0921:29:00

PRIOn knowledge base

www.prio-n.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

7.6%

JSON

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0803, CVE-2019-0859.

CPENameOperatorVersion
windows_10eq1607
windows_10eq1703
windows_10eq1709
windows_10eq1803
windows_10eq1809
windows_server_2016eq1709
windows_server_2016eq1803

Name	Operator	Version
windows_10	eq	1607
windows_10	eq	1703
windows_10	eq	1709
windows_10	eq	1803
windows_10	eq	1809
windows_server_2016	eq	1709
windows_server_2016	eq	1803

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0685

attackerkb 3

cve 3

prion 2

thn 2

krebs 2

checkpoint_advisories 3

mscve 3

symantec 3

githubexploit 1

cisa_kev 2

canvas 2

zdt 1

qualysblog 3

securelist 4

exploitpack 1

myhack58 1

exploitdb 1

threatpost 5

fireeye 1

googleprojectzero 1

nessus 10

kaspersky 2

mskb 14

openvas 9

talosblog 1

ics 1

attackerkb

CVE-2019-0803

2019-04-09 00:00:00

CVE-2019-0685

2019-04-09 00:00:00

CVE-2019-0859

2019-04-09 00:00:00

cve

CVE-2019-0803

2019-04-09 21:29:00

CVE-2019-0685

2019-04-09 21:29:00

CVE-2019-0859

2019-04-09 21:29:00

prion

Privilege escalation

2019-04-09 21:29:00

Privilege escalation

2019-04-09 21:29:00

thn

Microsoft Releases April 2019 Security Updates — Two Flaws Under Active Attack

2019-04-09 18:01:00

Researchers Fingerprint Exploit Developers Who Help Several Malware Authors

2020-10-02 09:59:00

krebs

Patch Tuesday Lowdown, April 2019 Edition

2019-04-10 00:07:33

Patch Tuesday, December 2019 Edition

2019-12-11 01:51:25

checkpoint_advisories

Microsoft Win32k Elevation of Privilege (CVE-2019-0685)

2019-04-09 00:00:00

Microsoft Win32k Elevation of Privilege (CVE-2019-0859)

2019-04-09 00:00:00

Microsoft Windows GDI Elevation of Privilege (CVE-2019-0803)

2019-04-09 00:00:00

mscve

Win32k Elevation of Privilege Vulnerability

2019-04-09 07:00:00

Win32k Elevation of Privilege Vulnerability

2019-04-09 07:00:00

Win32k Elevation of Privilege Vulnerability

2019-04-09 07:00:00

symantec

Microsoft Windows Win32k CVE-2019-0685 Local Privilege Escalation Vulnerability

2019-04-09 00:00:00

Microsoft Windows Win32k CVE-2019-0859 Local Privilege Escalation Vulnerability

2019-04-09 00:00:00

Microsoft Windows Kernel 'Win32k.sys' CVE-2019-0803 Local Privilege Escalation Vulnerability

2019-04-09 00:00:00

githubexploit

Exploit for Vulnerability in Microsoft

2019-06-07 04:37:34

cisa_kev

Microsoft Win32k Privilege Escalation Vulnerability

2021-11-03 00:00:00

Microsoft Win32k Privilege Escalation Vulnerability

2021-11-03 00:00:00

canvas

Immunity Canvas: MENU_CONFUSION_LPE

2019-04-09 21:29:00

Immunity Canvas: DDE_CLOSEHANDLE_LPE

2019-04-09 21:29:00

zdt

Microsoft Windows - Win32k Local Privilege Escalation Exploit

2019-05-24 00:00:00

qualysblog

April 2019 Patch Tuesday – 74 Vulns, 16 Critical, 2 Actively Attacked, 1 PoC Exploit, Adobe Vulns

2019-04-09 18:50:54

NSA Alert: Chinese State-Sponsored Actors Exploit Known Vulnerabilities

2020-10-22 23:10:29

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

securelist

IT threat evolution Q2 2019

2019-08-19 10:00:29

New zero-day vulnerability CVE-2019-0859 in win32k.sys

2019-04-15 10:00:56

The zero-day exploits of Operation WizardOpium

2020-05-28 10:00:09

exploitpack

Microsoft Windows - Win32k Local Privilege Escalation

2019-05-15 00:00:00

myhack58

2019 4 on Microsoft patch day multiple vulnerabilities early warning-vulnerability warning-the black bar safety net

2019-04-10 00:00:00

exploitdb

Microsoft Windows - 'Win32k' Local Privilege Escalation

2019-05-15 00:00:00

threatpost

A Brisk Private Trade in Zero-Days Widens Their Use

2020-04-06 21:05:06

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown

2018-03-16 16:15:27

Windows Zero-Day Emerges in Active Exploits

2019-04-16 16:13:33

fireeye

Zero-Day Exploitation Increasingly Demonstrates Access to Money, Rather than Skill — Intelligence for Vulnerability Management, Part One

2020-04-06 00:00:00

googleprojectzero

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019

2020-07-29 00:00:00

nessus

KB4493441: Windows 10 Version 1709 and Windows Server Version 1709 April 2019 Security Update

2019-04-09 00:00:00

KB4493464: Windows 10 Version 1803 and Windows Server Version 1803 April 2019 Security Update

2019-04-09 00:00:00

KB4493470: Windows 10 Version 1607 and Windows Server 2016 April 2019 Security Update

2019-04-09 00:00:00

kaspersky

KLA11460 Multiple vulnerabilities in Microsoft Windows

2019-04-09 00:00:00

KLA11875 Multiple vulnerabilities in Microsoft Products (ESU)

2019-04-09 00:00:00

mskb

April 9, 2019—KB4493470 (OS Build 14393.2906)

2019-04-09 07:00:00

April 9, 2019—KB4493474 (OS Build 15063.1746)

2019-04-09 07:00:00

April 9, 2019—KB4493450 (Security-only update)

2019-04-09 07:00:00

openvas

Microsoft Windows Multiple Vulnerabilities (KB4493470)

2019-04-10 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4493474)

2019-04-10 00:00:00

Microsoft Windows Multiple Vulnerabilities (KB4493441)

2019-04-10 00:00:00

talosblog

Microsoft Patch Tuesday — April 2019: Vulnerability disclosures and Snort coverage

2019-04-09 11:10:02

ics

Potential for China Cyber Response to Heightened U.S.–China Tensions

2020-10-20 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

7.6%

JSON

Related for PRION:CVE-2019-0685