CVE-2019-0623

HIGH EXPLOITED

Windows - Elevation of Privilege in Win32k Component

Title source: llm

Exploitation Summary

CVE-2019-0623 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Anti-ghosts, Ascotbe.

AI-analyzed exploit summary This repository contains a proof-of-concept exploit for CVE-2019-0623, a Windows local privilege escalation vulnerability. The code demonstrates memory manipulation techniques to achieve privilege escalation by exploiting session pool allocations and GDI object handling.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Exploits (2)

nomisec WORKING POC 1 stars

by Anti-ghosts · local

https://github.com/Anti-ghosts/CVE-2019-0623-32-exp

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2019-0623, a Windows local privilege escalation vulnerability. The code demonstrates memory manipulation techniques to achieve privilege escalation by exploiting session pool allocations and GDI object handling.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Windows 7/10 (32-bit)

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

patchapalooza WRITEUP

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

This repository contains documentation and configuration scripts for a collection of Windows exploits, including CVE-2003-0352, CVE-2006-3439, CVE-2008-1084, and others. It includes Python scripts for generating documentation and organizing exploit information, but no actual exploit code for CVE-2019-0623.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Windows

No auth needed

Prerequisites: None

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106891

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0623

Scores

CVSS v3 7.8

EPSS 0.3423

EPSS Percentile 97.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-06-28

Status published

Products (15)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

... and 5 more

Published Mar 05, 2019

Tracked Since Feb 18, 2026