CVE-2019-1365
Published: Oct 10, 2019
Modified: Aug 4, 2024
Description
An elevation of privilege vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of NT AUTHORITY\system escaping the Sandbox.The security update addresses the vulnerability by correcting how Microsoft IIS Server sanitizes web requests., aka 'Microsoft IIS Server Elevation of Privilege Vulnerability'.
| Vendor | Product | Versions |
|---|---|---|
Microsoft | Windows | affected 7 for 32-bit Systems Service Pack 1affected 7 for x64-based Systems Service Pack 1affected 8.1 for 32-bit systemsaffected 8.1 for x64-based systemsaffected RT 8.1+8 more versions |
Microsoft | Windows Server | affected 2008 R2 for x64-based Systems Service Pack 1 (Core installation)affected 2008 R2 for Itanium-Based Systems Service Pack 1affected 2008 R2 for x64-based Systems Service Pack 1affected 2008 for 32-bit Systems Service Pack 2 (Core installation)affected 2012+12 more versions |
Microsoft | Windows 10 Version 1903 for 32-bit Systems | affected unspecified |
Microsoft | Windows 10 Version 1903 for x64-based Systems | affected unspecified |
Microsoft | Windows 10 Version 1903 for ARM64-based Systems | affected unspecified |
Microsoft | Windows Server, version 1903 (Server Core installation) | affected unspecified |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now