Vulnerability Details : CVE-2019-0603

A remote code execution vulnerability exists in the way that Windows Deployment Services TFTP Server handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions. The security update addresses the vulnerability by correcting how Windows Deployment Services TFTP Server handles objects in memory, aka 'Windows Deployment Services TFTP Server Remote Code Execution Vulnerability'.
Publish Date : 2019-04-08 Last Update Date : 2020-08-24

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	8.5
Confidentiality Impact	Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	???
Gained Access	None
Vulnerability Type(s)	Execute Code
CWE ID	CWE id is not defined for this vulnerability

- Products Affected By CVE-2019-0603

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	OS	Microsoft	Windows 10	1607	*	*	*	Version Details Vulnerabilities
2	OS	Microsoft	Windows 10	1803	*	*	*	Version Details Vulnerabilities
3	OS	Microsoft	Windows 10	1809	*	*	*	Version Details Vulnerabilities
4	OS	Microsoft	Windows 7	-	SP1	*	*	Version Details Vulnerabilities
5	OS	Microsoft	Windows 8.1	-	*	*	*	Version Details Vulnerabilities
6	OS	Microsoft	Windows Rt 8.1	-	*	*	*	Version Details Vulnerabilities
7	OS	Microsoft	Windows Server 2008	-	SP2	*	*	Version Details Vulnerabilities
8	OS	Microsoft	Windows Server 2008	R2	SP1	*	*	Version Details Vulnerabilities
9	OS	Microsoft	Windows Server 2008	R2	SP1	*	*	Version Details Vulnerabilities
10	OS	Microsoft	Windows Server 2012	-	*	*	*	Version Details Vulnerabilities
11	OS	Microsoft	Windows Server 2012	R2	*	*	*	Version Details Vulnerabilities
12	OS	Microsoft	Windows Server 2016	-	*	*	*	Version Details Vulnerabilities
13	OS	Microsoft	Windows Server 2016	1803	*	*	*	Version Details Vulnerabilities
14	OS	Microsoft	Windows Server 2019	-	*	*	*	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Microsoft	Windows 10	3
Microsoft	Windows 7	1
Microsoft	Windows 8.1	1
Microsoft	Windows Rt 8.1	1
Microsoft	Windows Server 2008	3
Microsoft	Windows Server 2012	2
Microsoft	Windows Server 2016	2
Microsoft	Windows Server 2019	1

- References For CVE-2019-0603

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0603 CONFIRM

- Metasploit Modules Related To CVE-2019-0603

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)