Main Vulnerability Database Vulnerabilities #VU23499

#VU23499 Input validation error in Windows and Windows Server - CVE-2019-1470

Published: December 10, 2019

Vulnerability identifier: #VU23499

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1470

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated usre of a guest operating system can use specially crafted program to send request to the host operating system and disclose memory of the host OS.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1470

#VU23499 Input validation error in Windows and Windows Server - CVE-2019-1470

Description

Remediation

External links

Please verify you're human