CVE-2019-0959

HIGH

Windows Common Log File System - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-0959. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a race condition in the Windows kernel's CmpAddRemoveContainerToCLFSLog function to create arbitrary directories via mount point abuse, leading to privilege escalation. It requires a race condition win between directory creation and deletion.

Description

An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system. The security update addresses the vulnerability by correcting how CLFS handles objects in memory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/47028

View Code ZIP pw:eip

This exploit leverages a race condition in the Windows kernel's CmpAddRemoveContainerToCLFSLog function to create arbitrary directories via mount point abuse, leading to privilege escalation. It requires a race condition win between directory creation and deletion.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Windows 10 1809

Auth required

Prerequisites: Windows 10 1809 · User-level access · Multi-core CPU for race condition

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0959

Vendor Advisory vendor-advisory

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0959

Scores

CVSS v3 7.0

EPSS 0.0292

EPSS Percentile 85.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (6)

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2019

Published Jun 12, 2019

Tracked Since Feb 18, 2026