CVE-2019-1179

Published: Aug 14, 2019Modified: Feb 20, 2026

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.

Affected (11)

Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019

3 products

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	All versions
Microsoft Windows 10	Version 1607
Microsoft Windows 10	Version 1703
Microsoft Windows 10	Version 1709
Microsoft Windows 10	Version 1803
Microsoft Windows 10	Version 1809
Microsoft Windows 10	Version 1903
Microsoft Windows Server 2016	All versions
Microsoft Windows Server 2016	Version 1803
Microsoft Windows Server 2016	Version 1903
Microsoft Windows Server 2019	All versions

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline (11)

2/20/2026

1 change

CVE Modified - Description

09:18 PM

- An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.
+ An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.

11/21/2024

1 change

CVE Modified - Reference

04:36 AM

- -
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179

5/29/2024

3 changes

CVE Modified - CVSS V3.1

05:16 PM

- -
+ Microsoft Corporation AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE Modified - CVSS V3

05:16 PM

- NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ -

CVE Modified - Description

05:16 PM

- An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186.
+ An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the unistore.dll properly handles objects in memory.

8/24/2020

1 change

CWE Remap - CWE

05:37 PM

- CWE-264
+ NVD-CWE-noinfo

8/19/2019

5 changes

Initial Analysis - CPE Configuration

03:53 PM

- -
+ OR
     *cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Initial Analysis - CWE

03:53 PM

- -
+ CWE-264

Initial Analysis - Reference Type

03:53 PM

- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179 No Types Assigned
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1179 Patch, Vendor Advisory

Initial Analysis - CVSS V3

03:53 PM

- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Initial Analysis - CVSS V2

03:53 PM

- -
+ (AV:L/AC:L/Au:N/C:P/I:P/A:P)