CVE-2019-1364

HIGH

Windows 7 and Windows Server 2008 - Elevation of Privilege in Win32k Kernel-Mode Driver

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-1364. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a pool-based buffer overflow in the Windows kernel (win32k.sys) triggered by a malformed TTF font file. The vulnerability leads to a PAGE_FAULT_IN_NONPAGED_AREA crash, potentially allowing remote code execution in kernel context.

Description

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdoswindows
https://www.exploit-db.com/exploits/47484

This exploit demonstrates a pool-based buffer overflow in the Windows kernel (win32k.sys) triggered by a malformed TTF font file. The vulnerability leads to a PAGE_FAULT_IN_NONPAGED_AREA crash, potentially allowing remote code execution in kernel context.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Windows 7, Windows Server 2008 R2 (64-bit)
No auth needed
Prerequisites: Access to load a malicious TTF font file on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0268
EPSS Percentile 83.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
microsoft/windows_7
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1 (2 CPE variants)
Published Oct 10, 2019
Tracked Since Feb 18, 2026