Vulnerability Details : CVE-2019-1174
An elevation of privilege vulnerability exists in the way that the PsmServiceExtHost.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
The security update addresses the vulnerability by ensuring the PsmServiceExtHost.dll properly handles objects in memory.
Vulnerability category: Execute codeGain privilege
Products affected by CVE-2019-1174
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-1174
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-1174
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST | |
|
7.0
|
HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
Microsoft Corporation | 2024-05-29 |
CWE ids for CVE-2019-1174
-
Aliased or mirrored memory regions in hardware designs may have inconsistent read/write permissions enforced by the hardware. A possible result is that an untrusted agent is blocked from accessing a memory region but is not blocked from accessing the corresponding aliased memory region.Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
References for CVE-2019-1174
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1174
CVE-2019-1174 | Windows Elevation of Privilege VulnerabilityPatch;Vendor Advisory
Jump to