CVE-2019-0881

HIGH

Windows Kernel - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0881. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages a flaw in Windows Registry Virtualization where CmKeyBodyRemapToVirtualForEnum opens the real key without security checks, allowing arbitrary key enumeration. By manipulating symbolic links and virtualized keys, a normal user can escalate privileges to access restricted registry hives like SAM.

Description

An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocalwindows

https://www.exploit-db.com/exploits/46912

View Code ZIP pw:eip

The exploit leverages a flaw in Windows Registry Virtualization where CmKeyBodyRemapToVirtualForEnum opens the real key without security checks, allowing arbitrary key enumeration. By manipulating symbolic links and virtualized keys, a normal user can escalate privileges to access restricted registry hives like SAM.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 1809 (and potentially earlier versions)

Auth required

Prerequisites: Access to a writable virtualizable key in HKLM (e.g., HKLM\SOFTWARE\Microsoft\DRM) · Ability to create symbolic links in the registry · User-level access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1112 - Modify Registry

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0881

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/152988/Microsoft-Windows-CmKeyBodyRemapToVirtualForEnum-Arbitrary-Key-Enumeration.html

Scores

CVSS v3 7.8

EPSS 0.0264

EPSS Percentile 83.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-522

Status published

Products (18)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

... and 8 more

Published May 16, 2019

Tracked Since Feb 18, 2026