CVE-2019-18915

HIGH

HP System Event Utility <1.4.33 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-18915. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This is a detailed writeup describing a local privilege escalation vulnerability in HP System Event Utility (CVE-2019-18915). The vulnerability allows arbitrary code execution with SYSTEM privileges if an attacker can place an executable named 'Program.exe' in the user's C:\ drive.

Description

A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service.

Exploits (1)

exploitdb WRITEUP VERIFIED
by hyp3rlinx · textlocalwindows
https://www.exploit-db.com/exploits/48057

This is a detailed writeup describing a local privilege escalation vulnerability in HP System Event Utility (CVE-2019-18915). The vulnerability allows arbitrary code execution with SYSTEM privileges if an attacker can place an executable named 'Program.exe' in the user's C:\ drive.

Classification
Writeup 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: HP System Event Utility (HPMSGSVC.exe)
Auth required
Prerequisites: Local access to the system · Ability to write to the C:\ drive
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.hp.com/us-en/document/c06559359
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Feb/8

Scores

CVSS v3 7.8
EPSS 0.0148
EPSS Percentile 70.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-428
Status published
Products (1)
hp/system_event_utility < 1.4.33
Published Feb 13, 2020
Tracked Since Feb 18, 2026