Main Vulnerability Database Vulnerabilities #VU17997

Permissions, Privileges, and Access Controls in Windows Server and Windows - CVE-2019-0766

Published: March 17, 2019

Vulnerability identifier: #VU17997

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-0766

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows Server
Windows

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an error within the Windows AppX Deployment Server that allows users to create files in arbitrary locations on the system. A local user can use a specially crafted application to create files in arbitrary locations.

How to mitigate CVE-2019-0766

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0766

Permissions, Privileges, and Access Controls in Windows Server and Windows - CVE-2019-0766

Detailed vulnerability description

How to mitigate CVE-2019-0766

Sources

Please verify you're human