CVE-2019-1163

MEDIUM

Windows - Code Injection

Title source: llm

Description

A security feature bypass exists when Windows incorrectly validates CAB file signatures. An attacker who successfully exploited this vulnerability could inject code into a CAB file without invalidating the file's signature. To exploit the vulnerability, an attacker could modify a signed CAB file and inject malicious code. The attacker could then convince a target user to execute the file. The update addresses the vulnerability by correcting how Windows validates file signatures.

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1163

Scores

CVSS v3 5.5

EPSS 0.0224

EPSS Percentile 84.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-354

Status published

Products (11)

microsoft/windows_10

microsoft/windows_10 1607

microsoft/windows_10 1703

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

... and 1 more

Published Aug 14, 2019

Tracked Since Feb 18, 2026