Attacker Value
Moderate
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2019-1169

Disclosure Date: August 14, 2019
CVE-2019-1169 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
The update addresses this vulnerability by correcting how the Windows kernel-mode driver handles objects in memory.

Add Assessment

1
Ratings
  • Attacker Value
    Medium
  • Exploitability
    Medium
Common in enterpriseVulnerable in default configurationDifficult to weaponize
Technical Analysis

Wrote up a full analysis of this bug in two parts at https://versprite.com/blog/security-research/cve-2019-1169-vulnerability-windows/. I believe that in reality CVE-2019-1169 actually covers several vulnerabilities, as if one looks at ZDI’s advisory at https://www.zerodayinitiative.com/advisories/ZDI-19-709/ they can see that one of the bugs covered by CVE-2019-1169 is actually an information leak.

My blog post covers this information leak which is exploitable by attackers who have some knowledge of how Windows messages work and how windows hooks and event hooks operate. Exploiting the vulnerability is only possible on Windows 7 x86 and prior as it is a NULL pointer dereference vulnerability, however successful exploitation results in the ability to read a DWORD worth of information at two arbitrary addresses in kernel memory per exploitation attempt.

I have also written up exploit code which will trigger this info leak vulnerability, which is available at https://github.com/VerSprite/research/tree/master/exploits/Ndays/CVE-2019-1169

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Windows 7 publication
Windows 7 Service Pack 1 publication
Windows Server 2008 Service Pack 2 publication
Windows Server 2008 Service Pack 2 (Server Core installation) publication
Windows Server 2008 Service Pack 2 publication
Windows Server 2008 R2 Systems Service Pack 1 publication
Windows Server 2008 R2 Service Pack 1 publication
Windows Server 2008 R2 Service Pack 1 (Server Core installation) publication
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • microsoft

Products

  • windows 7 -,
  • windows server 2008 -,
  • windows server 2008 r2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis