Lucene search
Lucas Leong (@_wmliang_)ZDI-19-188HistoryFeb 12, 2019 - 12:00 a.m.
Microsoft HID Driver Numeric Truncation Information Disclosure Vulnerability
2019-02-1200:00:00
Lucas Leong (@_wmliang_)
www.zerodayinitiative.com
7
0.001 Low
EPSS
Percentile
45.9%
This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists in the hidparse.sys driver, within the function HidPGetSpecificButtonCaps. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel.
Related
mscve
mscve
HID Information Disclosure Vulnerability
2019-02-12 08:00:00
symantec
symantec
prion
prion
Information disclosure
2019-03-05 23:29:00
Information disclosure
2019-03-05 23:29:00
cvelist
cvelist
CVE-2019-0601
2019-03-06 00:00:00
CVE-2019-0600
2019-03-06 00:00:00
nvd
nvd
CVE-2019-0600
2019-03-05 23:29:00
CVE-2019-0601
2019-03-05 23:29:00
cve
cve
CVE-2019-0601
2019-03-06 00:00:00
CVE-2019-0600
2019-03-06 00:00:00
mskb
mskb
February 12, 2019âKB4487019 (Security-only update)
2019-02-12 08:00:00
February 12, 2019âKB4487023 (Monthly Rollup)
2019-02-12 08:00:00
February 12, 2019âKB4486564 (Security-only update)
2019-02-12 08:00:00
nessus
nessus
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4486563)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4487000)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4487026)
2019-02-13 00:00:00
kaspersky
kaspersky
KLA11879 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-02-12 00:00:00
KLA11418 Multiple vulnerabilities in Microsoft Windows
2019-02-12 00:00:00
talosblog
talosblog