CVE-2019-1173
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: secure@microsoft.com (Secondary)
Description
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
Affected (6)
Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1803 | |
| Version 1803 | |
| All versions |
References (2)
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline (11)
2/20/20261 change
CVE Modified - Description
09:18 PM
- An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
+ An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
11/21/20241 change
CVE Modified - Reference
04:36 AM
- -
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173
5/29/20243 changes
CVE Modified - CVSS V3.1
05:16 PM
- -
+ Microsoft Corporation AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE Modified - CVSS V3
05:16 PM
- NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ -
CVE Modified - Description
05:16 PM
- An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.
+ An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
8/24/20201 change
CWE Remap - CWE
05:37 PM
- CWE-264
+ NVD-CWE-noinfo
8/19/20195 changes
Initial Analysis - CPE Configuration
05:16 PM
- -
+ OR
*cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Initial Analysis - CWE
05:16 PM
- -
+ CWE-264
Initial Analysis - Reference Type
05:16 PM
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173 No Types Assigned
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1173 Patch, Vendor Advisory
Initial Analysis - CVSS V3
05:16 PM
- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Initial Analysis - CVSS V2
05:16 PM
- -
+ (AV:L/AC:L/Au:N/C:P/I:P/A:P)