CVE-2019-1096

MEDIUM

Windows - Information Disclosure in win32k Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1096. PoCs published by CrackerCat.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept exploit for CVE-2019-1096, a local privilege escalation vulnerability in Windows. The exploit leverages a memory corruption issue in the `PlgBlt` function when handling bitmaps with specific dimensions and layout settings.

Description

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

Exploits (1)

nomisec WORKING POC
by CrackerCat · poc
https://github.com/CrackerCat/cve-2019-1096-poc

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (multiple versions)
No auth needed
Prerequisites: Local access to a vulnerable Windows system
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.5
EPSS 0.0483
EPSS Percentile 90.8%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE CWE-200
Status published
Products (18)
microsoft/windows_10
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_10 1803
microsoft/windows_10 1809
microsoft/windows_10 1903
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published Jul 15, 2019
Tracked Since Feb 18, 2026