CVE-2019-1132

HIGH KEV

Windows 7 and Windows Server 2008 - Elevation of Privilege in Win32k Component

Title source: llm

Exploitation Summary

CVE-2019-1132 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 15, 2022. EIP tracks 4 public exploits from researchers including ShivamTrivedi, Vlad-tri, petercc.

AI-analyzed exploit summary This exploit targets CVE-2021-1732, a Windows Win32k privilege escalation vulnerability. It manipulates menu objects and window handles to achieve arbitrary memory writes, ultimately executing shellcode to steal a SYSTEM token.

Description

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.

Exploits (4)

exploitdb WORKING POC

by ShivamTrivedi · c++localwindows_x86

https://www.exploit-db.com/exploits/47176

View Code ZIP pw:eip

This exploit targets CVE-2021-1732, a Windows Win32k privilege escalation vulnerability. It manipulates menu objects and window handles to achieve arbitrary memory writes, ultimately executing shellcode to steal a SYSTEM token.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Microsoft Windows (Win32k.sys)

No auth needed

Prerequisites: Windows 7/10 environment · Local access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 61 stars

by Vlad-tri · local

https://github.com/Vlad-tri/CVE-2019-1132

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-1132, a Windows kernel privilege escalation vulnerability. The exploit leverages menu handling in win32k to achieve arbitrary code execution in kernel mode, ultimately stealing a SYSTEM token for local privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: Windows 7 x86 (build 7601 with June 2019 patches)

No auth needed

Prerequisites: Local access to a vulnerable Windows 7 x86 system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC 3 stars

by petercc · local

https://github.com/petercc/CVE-2019-1132

View Code ZIP pw:eip

This is a functional exploit for CVE-2019-1132, a Windows win32k privilege escalation vulnerability. The code manipulates window and menu objects to achieve arbitrary memory writes, leading to token theft for SYSTEM privileges.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Microsoft Windows (win32k.sys)

No auth needed

Prerequisites: Windows 7 SP1 or other vulnerable versions · Local access to the system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 19, 2026 Full analysis →

patchapalooza NO CODE

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1132

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132

Scores

CVSS v3 7.8

EPSS 0.3652

EPSS Percentile 97.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-15

VulnCheck KEV 2019-07-09

InTheWild.io 2019-07-09

ENISA EUVD EUVD-2019-9708

Status published

Products (3)

microsoft/windows_7

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

Published Jul 15, 2019

KEV Added Mar 15, 2022

Tracked Since Feb 18, 2026