CVE-2019-1458

Known Exploited (CISA KEV)HIGH

7.8

CVSS Severity Score

EPSS Score57.6020%

EPSS Percentile92.51th

Published2019年12月10日

Last Modified2025年10月29日

Vulnerability Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Affected Platforms (CPE)

💻

Microsoft

Windows 10 1507

All versions

💻

Microsoft

Windows 10 1507

All versions

💻

Microsoft

Windows 10 1607

All versions

💻

Microsoft

Windows 10 1607

All versions

💻

Microsoft

Windows 7

All versions

💻

Microsoft

Windows 8.1

All versions

💻

Microsoft

Windows Rt 8.1

All versions

💻

Microsoft

Windows Server 2008

All versions

💻

Microsoft

Windows Server 2008

= r2

💻

Microsoft

Windows Server 2008

= r2

💻

Microsoft

Windows Server 2012

All versions

💻

Microsoft

Windows Server 2012

= r2

💻

Microsoft

Windows Server 2016

All versions

References & Advisories

🔗 http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html

🔗 http://packetstormsecurity.com/files/159569/Microsoft-Windows-Uninitialized-Variable-Local-Privilege-Escalation.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458

🔗 http://packetstormsecurity.com/files/156651/Microsoft-Windows-WizardOpium-Local-Privilege-Escalation.html

🔗 http://packetstormsecurity.com/files/159569/Microsoft-Windows-Uninitialized-Variable-Local-Privilege-Escalation.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1458

🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1458

Vulnerability Description

Affected Platforms (CPE)

Windows 10 1507

Windows 10 1507

Windows 10 1607

Windows 10 1607

Windows 7

Windows 8.1

Windows Rt 8.1

Windows Server 2008

Windows Server 2008

Windows Server 2008

Windows Server 2012

Windows Server 2012

Windows Server 2016

References & Advisories

相關漏洞威脅