CVE-2019-1364
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
Se presenta una vulnerabilidad de elevaciĆ³n de privilegios en Windows cuando el controlador del modo kernel de Windows no puede manejar apropiadamente los objetos en la memoria, tambiĆ©n se conoce como "Win32k Elevation of Privilege Vulnerability". Este ID de CVE es diferente de CVE-2019-1362.
Microsoft Windows Kernel suffers from a TTF font processing win32k!ulClearTypeFilter pool corruption vulnerability in win32k.sys.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-11-26 CVE Reserved
- 2019-10-10 CVE Published
- 2019-10-10 First Exploit
- 2024-08-04 CVE Updated
- 2025-04-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/154797/Microsoft-Windows-Kernel-win32k.sys-TTF-Font-Processing-win32k-ulClearTypeFilter-Pool-Corruption.html | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/154797 | 2019-10-10 | |
| https://www.exploit-db.com/exploits/47484 | 2019-10-10 |
| URL | Date | SRC |
|---|---|---|
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1364 | 2020-08-24 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, itanium |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, x64 |
Affected
| ||||||