CVE-2019-1423
HIGHWindows 10 - Elevation of Privilege via StartTileData.dll File Creation
Title source: llmDescription
An elevation of privilege vulnerability exists in the way that the StartTileData.dll handles file creation in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1420, CVE-2019-1422.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423
Third Party Advisory x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-978/
Scores
CVSS v3
7.8
EPSS
0.0133
EPSS Percentile
67.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-59
Status
published
Products (1)
microsoft/windows_10
1903
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026