Attacker Value
Very High
(3 users assessed)
Exploitability
Low
(3 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

Win32k Elevation of Privilege Vulnerability

Disclosure Date: April 09, 2019 Last updated February 21, 2020
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2019-0797.

Add Assessment

2
Ratings
Technical Analysis

Just an update to my previous assessment (@tekwizz123), but this was in fact exploited in the wild as noted at https://blogs.360.cn/post/RootCause_CVE-2019-0808_EN.html and https://securityaffairs.co/wordpress/82428/hacking/cve-2019-0808-win-flaw.html.

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Low
Technical Analysis

This bug is interesting because it was being used in the wild to install software without user permissions: https://krebsonsecurity.com/tag/cve-2019-0797/. It had intrinsic value to attackers already. Whether you are really at risk depends on whether you like to run malicious binaries. Do you?

General Information

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis