CVE-2019-1458

Published: 10/12/2019 Updated: 15/10/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 734
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Vulnerable Products

microsoft windows 10 -
microsoft windows 10 1607
microsoft windows 7 -
microsoft windows 8.1 -
microsoft windows rt 8.1 -
microsoft windows server 2008 -
microsoft windows server 2008 r2
microsoft windows server 2012 -
microsoft windows server 2012 r2
microsoft windows server 2016 -

Exploits

#include <cstdio>
#include <windows.h>

// Undocumented win32k syscall wrapper declared by the published PoC
extern "C" NTSTATUS NtUserMessageCall(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONG_PTR ResultInfo, DWORD dwType, BOOL bAscii);

int main() {
    HINSTANCE hInstance = GetModuleHandle(NULL);
    WNDCLASSEX wcx;
    ZeroMemory(&wcx, sizeof(wcx));
    wcx.hInstance = hInstance;
    ...

Mailing Lists

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user-mode attackers to write a limited amount of controlled data to an attacker-controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to k ...

Github Repositories

CVE-2019-1458 Windows LPE Exploit

CVE-2019-1458 Windows LPE Exploit. Caution: YOU ONLY HAVE ONE CHANCE TO EXPLOIT FOR EACH KERNEL REBOOT!!!! Screenshot. Supported Version: Windows 2012 R2 (Tested), Windows 8 (Tested), Windows 2008 R2 x64 (Tested), Windows 7.1 x64 (Tested), Windows 7 x64, Windows 2012 x64, Windows 2008 x64. ALL X32 VERSION SYSTEMS ARE NOT SUPPORTED (Who uses x32 system nowadays?) Issues: Kernel might c

POC for cve-2019-1458

CVE-2019-1458: Going from 'in the wild report' to POC. Intro: In December Kaspersky published a blog post about a 0-day exploit used in the wild. It piqued my interest because, although they described how the exploit was working, they didn't provide any POC in their analysis. This is why I decided to try writing a POC for this vulnerability based on Kaspersky's blogp

Information that is yet to be attributed

Panopticon Project: The Unattributed Repository. A lot of attacks take time to be attributed, but we want to file information on them away so we don't lose it. This repo is for any information that doesn't have a clear repository to file it in. Table of Contents: Generic unattributed actions, Generic unattributed malware, Trolls and social media influence, Suspected state

windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) CVE-2020-0796 [A remote code execution vulnera

windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list #Security Bulletin   #KB     #Description    #Operating System   CVE-2020-0787 [Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability] (Windows 7/8/10, 2008/2012/2016/2019) suspected BadPotato (bad potato / pipe potato) C

my first code

helloworld my first code 4 NVIDIA fixes security vulnerabilities in its GPU driver and GeForce Experience. NVIDIA has released security updates to fix 12 high- and medium-severity vulnerabilities in its Windows GPU display driver and NVIDIA GeForce Experience (GFE) software. NVIDIA GFE is the companion application for GeForce GTX graphics cards. The vulnerabilities NVIDIA fixed could lead to code execution, privilege esc

Resources for Windows exploit development

Advanced Windows exploit development resources. Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related; mostly talks and videos that I enjoyed watching. These are all resources that I have personally used and gone through. Really important resources: terminus project, ReactOS Win32k, Geoff Chappell - Kernel-Mode Windows, HE

https://github.com/SecWiki/windows-kernel-exploits

windows-kernel-exploits Introduction windows-kernel-exploits Vulnerability list #Security Bulletin   #KB     #Description    #Operating System   CVE-2021-33739 [Microsoft DWM Core Library Elevation of Privilege Vulnerability] (Windows 10, 20) CVE-2021-1732 [Windows Win32k Elevation of Privilege Vulnerability] (Windows 10, 2019/2

windows-kernel-exploits A collection of Windows platform privilege escalation vulnerabilities

Fully based on Advanced Windows exploitation: kernel driver exploitation, browser exploitation, heap spraying, etc.

Advanced Windows exploit development resources. Some resources, links, books, and papers related to mostly Windows Internals and anything Windows kernel related; mostly talks and videos that I enjoyed watching. Really important resources: terminus project, ReactOS Win32k, Geoff Chappell - Kernel-Mode Windows, HEVD Vulnerable driver, FLARE Kernel Shellcode Loader, Vergilius - Undocum

Exploit. Advanced Windows exploit development resources. Really important resources: terminus project, ReactOS Win32k, Geoff Chappell - Kernel-Mode Windows, HEVD Vulnerable driver, FLARE Kernel Shellcode Loader, Vergilius - Undocumented kernel structures, Windows X86-64 System Call Table, Vulnerable Driver Megathread, Windows Rootkits. Talks / video recordings: 11 part playlist - Rootk

A collection of Windows privilege escalation exploits; the exploit scripts have all been built into executables, with the build environment, demo GIFs and detailed vulnerability information included.

Welcome to Kernelhub. Users are asked to comply with the Cybersecurity Law of the People's Republic of China and not to use this project for unauthorized testing; the project developers accept no joint legal liability. Preface: collection is still in progress, and for a few CVEs no usable source code or scripts have been found yet. I also have not yet documented the project URLs of the various contributors; once summarized, they will be noted under each CVE.

Penetration_Testing_POC A collection of POCs, scripts, tools, articles and other techniques used in penetration testing, kept as notes; additions welcome. Penetration_Testing_POC Please make good use of search [Ctrl+F]. IOT Device&Mobile Phone, Web APP, Privilege escalation helpers, PC tools - small tool collection, Articles/books/tutorials. Notes: Please make good use of search [Ctrl+F]. IOT Device&Mobile

POCs, EXPs, scripts, privilege escalation, small tools and other things related to penetration testing; additions and improvements welcome---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss penetration-testing-poc csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

For public collection use

A compilation of all security news published on the Alpha Lab WeChat official account in 2020

Follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blog.detectify.com/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugs.chromium.org/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Microsoft Patch Tuesday – December 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Dec 2021

This month the vendor has patched 36 vulnerabilities, 7 of which are rated Critical.

Posted: 11 Dec 2019 • 11 Min Read

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all soft...

Purple Fox EK Adds Microsoft Exploits to Arsenal
Threatpost • Lindsey O'Donnell • 06 Jul 2020

The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future.
The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig EK in the distribution chain of Purple Fox malware, which is a trojan/rootkit. The latest revision to the exploit kit has added attacks again...

The zero-day exploits of Operation WizardOpium
Securelist • Boris Larin Alexey Kulaev • 28 May 2020

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploits and vulnerabilities used in this attack.
In the original blog post we described the exploit loader responsible for initial validation of the...

SAS@home Virtual Summit Showcases New Threat Intel, Industry Changes
Threatpost • Tara Seals • 24 Apr 2020

As the COVID-19 pandemic continues to force in-person cybersecurity event cancellations, Kaspersky is forging ahead with a virtual security summit, SAS@home.
Topics on the agenda include threat intel on advanced persistent threats (APTs), new vulnerability research, and topics related to a post-crisis world – such as how the industry is changing because of the pandemic.
The online conference, scheduled for April 28-30, is meant to complement the firm’s annual Security Analyst Sum...

It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font
The Register • Shaun Nichols in San Francisco • 10 Dec 2019

End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel

With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs.
This month is a relatively small patch bundle from Microsoft, with fixes kicked out for just 36 CVE-listed bugs, only seven of which are considered to be critical risks by Redmond standards.
Not among those seven is CVE-2019-1458, a flaw believed t...

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
Securelist • AMR GReAT • 10 Dec 2019

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as well as escaping the Chrome process sandbox. The exploit is very similar to those developed by the prolific 0-day develope...

Microsoft Zaps Actively Exploited Zero-Day Bug
Threatpost • Tara Seals • 10 Dec 2019

Microsoft has issued fixes for 36 CVEs for December 2019 Patch Tuesday across a range of products, with seven of them rated critical in severity – and one that’s already being exploited in the wild as a zero-day bug.
The computing giant’s scheduled security update this month is relatively light, and includes patches for Microsoft Windows, Internet Explorer, Microsoft Office and related apps, SQL Server, Visual Studio and Skype for Business. In all, December Patch Tuesday addressed se...

Windows, Chrome Zero-Days Chained in Operation WizardOpium Attacks
BleepingComputer • Lawrence Abrams • 10 Dec 2019

Zero-day vulnerabilities in Google Chrome and Microsoft Windows were used to download and install malware onto Windows computers that visited a Korean-language news portal.
A zero-day vulnerability is one that is known, but not patched by the developers in charge of patching the vulnerability. These zero-day vulnerabilities are particularly dangerous as they can be used by state-sponsored attackers to perform malicious activity on vulnerable devices.
Last month, Kaspersky revealed...