CVE-2019-1186

Published: Aug 14, 2019Modified: Feb 20, 2026

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: secure@microsoft.com (Secondary)

Description

An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.

Affected (11)

Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019

3 products

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 10	All versions
Microsoft Windows 10	Version 1607
Microsoft Windows 10	Version 1703
Microsoft Windows 10	Version 1709
Microsoft Windows 10	Version 1803
Microsoft Windows 10	Version 1809
Microsoft Windows 10	Version 1903
Microsoft Windows Server 2016	All versions
Microsoft Windows Server 2016	Version 1803
Microsoft Windows Server 2016	Version 1903
Microsoft Windows Server 2019	All versions

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline (11)

2/20/2026

1 change

CVE Modified - Description

09:18 PM

- An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.
+ An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.

11/21/2024

1 change

CVE Modified - Reference

04:36 AM

- -
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186

5/29/2024

3 changes

CVE Modified - CVSS V3.1

05:16 PM

- -
+ Microsoft Corporation AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE Modified - CVSS V3

05:16 PM

- NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ -

CVE Modified - Description

05:16 PM

- An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184.
+ An elevation of privilege vulnerability exists in the way that the wcmsvc.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the wcmsvc.dll properly handles objects in memory.

8/24/2020

1 change

CWE Remap - CWE

05:37 PM

- CWE-264
+ NVD-CWE-noinfo

8/19/2019

5 changes

Initial Analysis - CPE Configuration

06:04 PM

- -
+ OR
     *cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
     *cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*

Initial Analysis - CWE

06:04 PM

- -
+ CWE-264

Initial Analysis - Reference Type

06:04 PM

- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186 No Types Assigned
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1186 Patch, Vendor Advisory

Initial Analysis - CVSS V3

06:04 PM

- -
+ AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Initial Analysis - CVSS V2

06:04 PM

- -
+ (AV:L/AC:L/Au:N/C:P/I:P/A:P)