CVE-2019-1476

HIGH

Windows AppXSVC - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-1476. PoCs published by Gabor Seljan, sgabe.

AI-analyzed exploit summary This is a detailed writeup describing the steps to exploit CVE-2019-1476, an elevation of privilege vulnerability in AppXSvc due to improper handling of file hard links. It allows a low-privileged user to overwrite arbitrary files, leading to denial of service or privilege escalation.

Description

An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.

Exploits (2)

exploitdb WRITEUP

by Gabor Seljan · textdoswindows

https://www.exploit-db.com/exploits/47768

View Code ZIP pw:eip

This is a detailed writeup describing the steps to exploit CVE-2019-1476, an elevation of privilege vulnerability in AppXSvc due to improper handling of file hard links. It allows a low-privileged user to overwrite arbitrary files, leading to denial of service or privilege escalation.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows 10 Version 1809 (17763.1.amd64fre.rs5_release.180914-1434)

Auth required

Prerequisites: Low-privileged user access · Ability to terminate Paint 3D processes · Ability to delete and create hard links in specific directories

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1484 - Domain or Tenant Policy Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 3 stars

by sgabe · poc

https://github.com/sgabe/CVE-2019-1476

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2019-1476, which leverages a hardlink attack to overwrite arbitrary files via the AppXSvc service. The exploit manipulates file attributes and process states to achieve a denial-of-service (DoS) condition.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows (AppXSvc service)

No auth needed

Prerequisites: Access to a vulnerable Windows system · Ability to execute arbitrary code on the target

MITRE ATT&CK

T1499 - Endpoint Denial of Service T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1476

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/155653/AppXSvc-17763-Arbitrary-File-Overwrite.html

Scores

CVSS v3 7.8

EPSS 0.0512

EPSS Percentile 91.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (11)

microsoft/windows_10 1607

microsoft/windows_10 1709

microsoft/windows_10 1803

microsoft/windows_10 1809

microsoft/windows_10 1903

microsoft/windows_10 1909

microsoft/windows_server_2016

microsoft/windows_server_2016 1803

microsoft/windows_server_2016 1903

microsoft/windows_server_2016 1909

... and 1 more

Published Dec 10, 2019

Tracked Since Feb 18, 2026