CVE-2019-0803

HIGH
2019-04-09
7.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 26, 2026 - 11:18 (vuln.today)
Patch Released: Oct 29, 2025 - 14:44 (nvd), Patch available
PoC Detected: Oct 29, 2025 - 14:44 (vuln.today), Public exploit code
Added to CISA KEV: Oct 29, 2025 - 14:44 (cisa), CISA KEV
CVE Published: Apr 09, 2019 - 21:29 (nvd), HIGH 7.8

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0859.

Analysis

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation. The flaw was exploited in the wild in April 2019 as part of targeted APT exploit chains.

Technical Context

The Win32k vulnerability involves improper management of window objects in kernel memory. A crafted application triggers a condition allowing kernel memory corruption and token manipulation for privilege escalation.

Affected Products

Multiple Windows versions affected

Remediation

Apply the Microsoft security update. Deploy Win32k attack surface reduction through Exploit Guard. Monitor for kernel exploitation indicators.

Priority Score

209
KEV: +50
EPSS: +89.8
CVSS: +39
POC: +20
