CVE-2019-1188
7.5
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.6 / Impact: 5.9
Source: secure@microsoft.com (Secondary)
Description
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.
The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
Affected (7)
Products: Microsoft: Windows 10, Windows Server 2016, Windows Server 2019
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1709 | |
| Version 1803 | |
| All versions |
References (2)
Source: secure@microsoft.com
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Timeline (13)
2/20/20261 change
CVE Modified - Description
09:18 PM
- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.
The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
+ A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.
The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
11/21/20241 change
CVE Modified - Reference
04:36 AM
- -
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188
7/3/20241 change
CVE Modified - CWE
01:35 AM
- -
+ CISA-ADP CWE-59
5/29/20243 changes
CVE Modified - CVSS V3.1
05:16 PM
- -
+ Microsoft Corporation AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE Modified - CVSS V3
05:16 PM
- NIST AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
+ -
CVE Modified - Description
05:16 PM
- A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.
+ A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system.
The security update addresses the vulnerability by correcting the processing of shortcut LNK references.
8/24/20201 change
CWE Remap - CWE
05:37 PM
- CWE-20
+ CWE-59
8/21/20196 changes
Initial Analysis - CPE Configuration
12:24 PM
- -
+ OR
*cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
*cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Initial Analysis - CWE
12:24 PM
- -
+ CWE-20
Initial Analysis - Reference Type
12:24 PM
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188 No Types Assigned
+ https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1188 Patch, Vendor Advisory
Initial Analysis - CVSS V3
12:24 PM
- -
+ AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Initial Analysis - CVSS V2
12:24 PM
- -
+ (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Initial Analysis - CVSS V2 Metadata
12:24 PM
- -
+ Victim must voluntarily interact with attack mechanism