CVE-2019-1184

MEDIUM

Windows Core Shell COM Server Registrar - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1184. PoCs published by 0vercl0k.

AI-analyzed exploit summary This exploit leverages a COM object (CoreShellComServerRegistrar) to escalate privileges by obtaining a handle to the sihost.exe process with PROCESS_ALL_ACCESS rights. It then injects shellcode to spawn calc.exe, demonstrating a local privilege escalation (LPE) vulnerability.

Description

An elevation of privilege vulnerability exists when Windows Core Shell COM Server Registrar improperly handles COM calls. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting unprotected COM calls.

Exploits (1)

exploitdb WORKING POC

by 0vercl0k · localwindows

https://www.exploit-db.com/exploits/47880

View Code ZIP pw:eip

This exploit leverages a COM object (CoreShellComServerRegistrar) to escalate privileges by obtaining a handle to the sihost.exe process with PROCESS_ALL_ACCESS rights. It then injects shellcode to spawn calc.exe, demonstrating a local privilege escalation (LPE) vulnerability.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 (specific versions affected by CVE-2019-1184)

Auth required

Prerequisites: Local access to a vulnerable Windows system · Ability to instantiate the vulnerable COM object

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1184

Scores

CVSS v3 6.7

EPSS 0.7023

EPSS Percentile 99.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (6)

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2019

Published Aug 14, 2019

Tracked Since Feb 18, 2026