CVSSv3: 7.8

CVE-2019-1458

Published: 10/12/2019 Updated: 30/01/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 766
CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Vulnerable Products

microsoft windows server 2012 r2
microsoft windows server 2008 r2
microsoft windows 10 1607
microsoft windows 8.1
microsoft windows server 2016
microsoft windows 7
microsoft windows rt 8.1
microsoft windows server 2012
microsoft windows 10
microsoft windows server 2008

Exploits

#include <cstdio>
#include <windows.h>

// Undocumented win32k syscall wrapper used by the proof of concept
extern "C" NTSTATUS NtUserMessageCall(HWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONG_PTR ResultInfo, DWORD dwType, BOOL bAscii);

int main() {
    HINSTANCE hInstance = GetModuleHandle(NULL);
    // Window class registration for the window the PoC drives through NtUserMessageCall
    WNDCLASSEX wcx;
    ZeroMemory(&wcx, sizeof(wcx));
    wcx.hInstance = hInstance;
    ...
This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user-mode attackers to write a limited amount of controlled data to an attacker-controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to k ...
This module exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the renderer ...

Metasploit Modules

Google Chrome 67, 68 and 69 Object.create exploit

This module exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the renderer process (target 0), but Google Chrome must be launched with the --no-sandbox flag for the payload to execute successfully. Alternatively, this module can use CVE-2019-1458 to escape the renderer sandbox (target 1). This will only work on vulnerable versions of Windows (e.g. Windows 7), and the exploit can only be triggered once. Additionally, the exploit can cause the target machine to restart when the session is terminated. A BSOD is also likely to occur when the system is shut down or rebooted.

msf > use exploit/multi/browser/chrome_object_create
msf exploit(chrome_object_create) > show targets
    ...targets...
msf exploit(chrome_object_create) > set TARGET < target-id >
msf exploit(chrome_object_create) > show options
    ...show and set options...
msf exploit(chrome_object_create) > exploit

Github Repositories

POC for cve-2019-1458

CVE-2019-1458: Going from 'in the wild report' to POC. Intro: In December Kaspersky published a blog post about a 0day exploit used in the wild. It piqued my interest because, although they described how the exploit was working, they didn't provide any POC in their analysis. This is why I decided to try writing a POC for this vulnerability based on Kaspersky's blogp

CVE-2019-1458 Windows LPE Exploit

CVE-2019-1458 Windows LPE Exploit
Caution: YOU ONLY HAVE ONE CHANCE TO EXPLOIT FOR EACH KERNEL REBOOT!!!!
Screenshot
Supported Version: Windows 2012 R2 (Tested), Windows 8 (Tested), Windows 2008 R2 x64 (Tested), Windows 7.1 x64 (Tested), Windows 7 x64, Windows 2012 x64, Windows 2008 x64. ALL X32 VERSION SYSTEMS ARE NOT SUPPORTED (Who uses x32 system nowadays?)
Issues: Kernel might c

Recent Articles

Microsoft Patch Tuesday – December 2019
Symantec Threat Intelligence Blog • Preethi Koroth • 11 Dec 2024

This month the vendor has patched 36 vulnerabilities, 7 of which are rated Critical.

Posted: 11 Dec, 2019. As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required w...

Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
Symantec Threat Intelligence Blog • Threat Hunter Team • 03 Feb 2024

The attackers spent a significant amount of time on victim networks.

Posted: 3 Feb, 2022. Chinese state-backed advanced persistent threat (APT) group Antlion has been targeting financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. The attackers deployed a cust...

The zero-day exploits of Operation WizardOpium
Securelist • Boris Larin, Alexey Kulaev • 28 May 2020

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we’ve already published blog posts briefly describing this operation (available here and here), in this blog post we’d like to take a deep technical dive into the exploits and vulnerabilities used in this attack. In the original blog post we described the exploit loader responsible for initial validation of the targe...

Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
Securelist • AMR GReAT • 10 Dec 2019

In November 2019, Kaspersky technologies successfully detected a Google Chrome 0-day exploit that was used in Operation WizardOpium attacks. During our investigation, we discovered that yet another 0-day exploit was used in those attacks. The exploit for Google Chrome embeds a 0-day EoP exploit (CVE-2019-1458) that is used to gain higher privileges on the infected machine as well as escaping the Chrome process sandbox. The exploit is very similar to those developed by the prolific 0-day develope...

It's the end of the 20-teens, and your Windows PC can still be pwned by nothing more than a simple bad font
The Register • Shaun Nichols in San Francisco • 10 Dec 2019

End 2019 with a Patch Tuesday from Microsoft, Adobe, SAP and Intel

With the year winding to a close and the holiday parties set to kick off, admins will want to check out the December Patch Tuesday load from Microsoft, Adobe, Intel, and SAP and get them installed before downing the first of many egg nogs. This month is a relatively small patch bundle from Microsoft, with fixes kicked out for just 36 CVE-listed bugs, only seven of which are considered to be critical risks by Redmond standards. Not among those seven is CVE-2019-1458, a flaw believed to be under a...