CVE-2019-1315

HIGH KEV RANSOMWARE

Windows Error Reporting < - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2019-1315 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 15, 2022, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including Mayter.

AI-analyzed exploit summary This repository contains a functional PowerShell exploit for CVE-2019-1315, leveraging Windows Error Reporting (WER) to achieve arbitrary file move and local privilege escalation via symbolic link manipulation and oplock abuse.

Description

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

Exploits (1)

nomisec WORKING POC 10 stars

by Mayter · poc

https://github.com/Mayter/CVE-2019-1315

View Code ZIP pw:eip

This repository contains a functional PowerShell exploit for CVE-2019-1315, leveraging Windows Error Reporting (WER) to achieve arbitrary file move and local privilege escalation via symbolic link manipulation and oplock abuse.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Windows 10 1903 (Windows Error Reporting Manager)

Auth required

Prerequisites: NtApiDotNet library · Valid Report.wer file · Local access to the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315

Scores

CVSS v3 7.8

EPSS 0.0348

EPSS Percentile 87.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-03-15

VulnCheck KEV 2022-03-15

InTheWild.io 2022-03-15

ENISA EUVD EUVD-2019-9874

Ransomware Use Confirmed

CWE

CWE-59

Status published

Products (15)

microsoft/windows_10_1607

microsoft/windows_10_1703

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_10_1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

... and 5 more

Published Oct 10, 2019

KEV Added Mar 15, 2022

Tracked Since Feb 18, 2026