CVE-2019-1235

HIGH

Microsoft Windows 10 - Origin Validation Error

Title source: rule

Description

An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives, aka 'Windows Text Service Framework Elevation of Privilege Vulnerability'.

References (1)

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 32.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-346
Status published

Affected Products (19)

microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
... and 4 more

Timeline

Published Sep 11, 2019
Tracked Since Feb 18, 2026