Main Vulnerability Database Exploits ID:2800 - Exploit for NULL pointer dereference in Windows Server and Windows - CVE-2019-1132

ID:2800 - Exploit for NULL pointer dereference in Windows Server and Windows - CVE-2019-1132

Published: June 2, 2020

Vulnerability identifier: #VU19062

Vulnerability risk: Medium

CVE-ID: CVE-2019-1132

CWE-ID: CWE-476

Exploitation vector: Local access

Vulnerable software:
Windows Server
Windows

Link to public exploit:

https://github.com/FULLSHADE/WindowsExploitationResources

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a NULL pointer dereference error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

ID:2800 - Exploit for NULL pointer dereference in Windows Server and Windows - CVE-2019-1132

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human