| Severity | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE ID | CVE-2019-1091 |
| CVSSv3 |
3.3 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C] |
| CWE ID |
CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Windows Windows Server |
| Vulnerable software versions |
Windows 10 Windows 10 1607 Windows 10 1703 Show more Windows Server 2016 Windows Server 2019 Windows Server 1803 Windows Server 1903 |
| Vendor URL | Microsoft |
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling objects in memory within Unistore.dll. A local user can create a specially crafted application and gain access to memory contents of an elevated process.
RemediationInstall update from vendor's website.
External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1091