CVE-2019-0948
MEDIUM
EXPLOITED
Windows Event Viewer - Info Disclosure
Title source: llm
Description
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/40863
Scores
CVSS v3
4.7
EPSS
0.4225
EPSS Percentile
97.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
VulnCheck KEV
2024-05-06
CWE
CWE-611
Status
published
Products (18)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published
Jun 12, 2019
Tracked Since
Feb 18, 2026