Main Vulnerability Database Vulnerabilities #VU16865

Input validation error in Windows Server and Windows - CVE-2019-0551

Published: January 8, 2019 / Updated: January 8, 2019

Vulnerability identifier: #VU16865

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-0551

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows Server
Windows

Detailed vulnerability description

The vulnerability allows an adjacent attacker to compromise vulnerable system.

The vulnerability exists due to an input validation error when processing malicious input. An attacker running inside a virtual machine can run a specially crafted application that could cause the Hyper-V host operating system to execute arbitrary code.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable host system.

How to mitigate CVE-2019-0551

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0551

Input validation error in Windows Server and Windows - CVE-2019-0551

Detailed vulnerability description

How to mitigate CVE-2019-0551

Sources

Please verify you're human