CVE-2019-1388
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
YesDecision
Descriptions
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
Se presenta una vulnerabilidad de elevaciĆ³n de privilegios en el Windows Certificate Dialog cuando no aplica apropiadamente los privilegios de usuario, tambiĆ©n se conoce como "Windows Certificate Dialog Elevation of Privilege Vulnerability".
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to access an interactive desktop as a low-privileged user on the target system in order to exploit this vulnerability.
The specific flaw exists within the User Account Control (UAC) user interface shown on the secure desktop. By interacting with the user interface, an attacker can launch a highly-privileged web browser on the normal desktop. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-26 CVE Reserved
- 2019-11-12 CVE Published
- 2019-11-21 First Exploit
- 2023-04-07 Exploited in Wild
- 2023-04-28 KEV Due Date
- 2024-03-25 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://www.zerodayinitiative.com/advisories/ZDI-19-975 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/jas502n/CVE-2019-1388 | 2019-11-21 | |
https://github.com/sv3nbeast/CVE-2019-1388 | 2020-03-18 | |
https://github.com/nobodyatall648/CVE-2019-1388 | 2021-05-06 | |
https://github.com/jaychouzzk/CVE-2019-1388 | 2019-11-21 | |
https://github.com/suprise4u/CVE-2019-1388 | 2021-06-07 |
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388 | 2019-11-14 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1607 Search vendor "Microsoft" for product "Windows 10" and version "1607" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1709 Search vendor "Microsoft" for product "Windows 10" and version "1709" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1803 Search vendor "Microsoft" for product "Windows 10" and version "1803" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1809 Search vendor "Microsoft" for product "Windows 10" and version "1809" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | 1903 Search vendor "Microsoft" for product "Windows 10" and version "1903" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 7 Search vendor "Microsoft" for product "Windows 7" | - | sp1 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Rt 8.1 Search vendor "Microsoft" for product "Windows Rt 8.1" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | - | sp2 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, itanium |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008" | r2 Search vendor "Microsoft" for product "Windows Server 2008" and version "r2" | sp1, x64 |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2012 Search vendor "Microsoft" for product "Windows Server 2012" | r2 Search vendor "Microsoft" for product "Windows Server 2012" and version "r2" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | - | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1803 Search vendor "Microsoft" for product "Windows Server 2016" and version "1803" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2016 Search vendor "Microsoft" for product "Windows Server 2016" | 1903 Search vendor "Microsoft" for product "Windows Server 2016" and version "1903" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Windows Server 2019 Search vendor "Microsoft" for product "Windows Server 2019" | - | - |
Affected
|