CVE-2019-1388

HIGH KEV RANSOMWARE

Windows Certificate Dialog - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.

Exploits (5)

nomisec WRITEUP 192 stars

by jas502n · poc

https://github.com/jas502n/CVE-2019-1388

View Code ZIP pw:eip

nomisec SUSPICIOUS 73 stars

by sv3nbeast · poc

https://github.com/sv3nbeast/CVE-2019-1388

View Code ZIP pw:eip

nomisec WRITEUP 20 stars

by nobodyatall648 · local

https://github.com/nobodyatall648/CVE-2019-1388

View Code ZIP pw:eip

nomisec STUB 6 stars

by suprise4u · poc

https://github.com/suprise4u/CVE-2019-1388

View Code ZIP pw:eip

nomisec STUB

by jaychouzzk · poc

https://github.com/jaychouzzk/CVE-2019-1388

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388

[Third Party Advisory] https://www.zerodayinitiative.com/advisories/ZDI-19-975/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1388

Scores

CVSS v3 7.8

EPSS 0.0750

EPSS Percentile 91.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2023-04-07

VulnCheck KEV 2022-03-24

InTheWild.io 2022-01-27

ENISA EUVD EUVD-2019-9945

Ransomware Use Confirmed

Classification

CWE

CWE-269

Status published

Affected Products (28)

microsoft/windows_10_1507

microsoft/windows_10_1607

microsoft/windows_10_1709

microsoft/windows_10_1803

microsoft/windows_10_1809

microsoft/windows_10_1903

... and 13 more

Timeline

Published Nov 12, 2019

KEV Added Apr 07, 2023

Tracked Since Feb 18, 2026