CVE-2019-0797
HIGH KEVWindows - Elevation of Privilege in Win32k Component
Title source: llmExploitation Summary
CVE-2019-0797 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808.
References (2)
Core 2
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0797
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797
Scores
CVSS v3
7.8
EPSS
0.0449
EPSS Percentile
89.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2019-02-22
InTheWild.io
2019-02-22
ENISA EUVD
EUVD-2019-1553
Status
published
Products (14)
microsoft/windows_10_1507
(2 CPE variants)
microsoft/windows_10_1607
(2 CPE variants)
microsoft/windows_10_1703
(2 CPE variants)
microsoft/windows_10_1709
(3 CPE variants)
microsoft/windows_10_1803
(3 CPE variants)
microsoft/windows_10_1809
(3 CPE variants)
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_1709
microsoft/windows_server_1803
... and 4 more
Published
Apr 09, 2019
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026