CVE-2019-1315

HIGH KEV RANSOMWARE

Windows Error Reporting < - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.

Exploits (1)

nomisec WORKING POC 10 stars

by Mayter · poc

https://github.com/Mayter/CVE-2019-1315

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1315

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1315

Scores

CVSS v3 7.8

EPSS 0.0760

EPSS Percentile 91.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-03-15

VulnCheck KEV 2022-03-15

InTheWild.io 2022-03-15

ENISA EUVD EUVD-2019-9874

Ransomware Use Confirmed

CWE

CWE-59

Status published

Products (15)

microsoft/windows_10_1607

microsoft/windows_10_1703

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_10_1903

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

... and 5 more

Published Oct 10, 2019

KEV Added Mar 15, 2022

Tracked Since Feb 18, 2026