Main Vulnerability Database Vulnerabilities #VU21009

#VU21009 Insufficient verification of data authenticity in Windows and Windows Server - CVE-2019-1235

Published: September 10, 2019

Vulnerability identifier: #VU21009

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1235

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due insufficient validation of input data origin within the Windows Text Service Framework (TSF) server, sent through a malicious Input Method Editor (IME). A local user can run a specially crafted application and escalate privileges on the system.

Successful exploitation of the vulnerability requires that IME is installed on the system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1235

#VU21009 Insufficient verification of data authenticity in Windows and Windows Server - CVE-2019-1235

Description

Remediation

External links

Please verify you're human