Information disclosure in Microsoft unistore.dll

Published: 2019-07-10 15:02:30 | Updated: 2019-07-10
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2019-1091
CVSSv3: 3.3 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID: CWE-125
Exploitation vector: Local
Public exploit: N/A
Vulnerable software: Windows, Windows Server
Vulnerable software versions: Windows 10, Windows 10 1607, Windows 10 1703, Windows Server 2016, Windows Server 2019, Windows Server 1803, Windows Server 1903
Vendor URL: Microsoft

Security Advisory

1) Out-of-bounds read

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling objects in memory within Unistore.dll. A local user can create a specially crafted application and gain access to memory contents of an elevated process.

Remediation

Install the update from the vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1091
