CVE-2019-1083

HIGH

.NET Framework - Denial of Service via Improper Web Request Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1083. PoCs published by stevenseeley.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2019-1083, demonstrating arbitrary code execution via Exchange Server's FastManagementClient. The exploit leverages .NET assembly loading to instantiate a malicious gadget (RCEGadget) that executes arbitrary commands (e.g., launching calc.exe).

Description

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.

Exploits (1)

nomisec WORKING POC 3 stars

by stevenseeley · poc

https://github.com/stevenseeley/HowCVE-2019-1083Works

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-1083, demonstrating arbitrary code execution via Exchange Server's FastManagementClient. The exploit leverages .NET assembly loading to instantiate a malicious gadget (RCEGadget) that executes arbitrary commands (e.g., launching calc.exe).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Exchange Server (likely 2013/2016/2019)

No auth needed

Prerequisites: Access to Exchange Server with vulnerable FastManagementClient · Ability to place malicious DLL in a reachable path

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1083

Scores

CVSS v3 7.5

EPSS 0.0780

EPSS Percentile 93.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-19

Status published

Products (12)

microsoft/.net_framework 2.0 sp2

microsoft/.net_framework 3.0 sp2

microsoft/.net_framework 3.5

microsoft/.net_framework 4.7.2

microsoft/.net_framework 4.8

microsoft/.net_framework 3.5.1

microsoft/.net_framework 4.5.2

microsoft/.net_framework 4.6

microsoft/.net_framework 4.6.1

microsoft/.net_framework 4.6.2

... and 2 more

Published Jul 15, 2019

Tracked Since Feb 18, 2026