Main Vulnerability Database Exploits ID:4707 - Exploit for Buffer overflow in Windows and Windows Server - CVE-2019-1458

ID:4707 - Exploit for Buffer overflow in Windows and Windows Server - CVE-2019-1458

Published: October 15, 2020

Vulnerability identifier: #VU23486

Vulnerability risk: Medium

CVE-ID: CVE-2019-1458

CWE-ID: CWE-119

Exploitation vector: Local access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.rapid7.com/db/modules/exploit/windows/local/cve_2019_1458_wizardopium

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing objects in memory within the Win32k component. A local user can create a malicious application, launch it on the system and execute arbitrary code with SYSTEM privileges.

Note, this vulnerability is being actively exploited in the wild.

Remediation

Install update from vendor's website.

ID:4707 - Exploit for Buffer overflow in Windows and Windows Server - CVE-2019-1458

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human