AttackerKB AKB:1B9B7E90-F527-46D3-B53E-8E41497B7213
Aug 14, 2019 - 12:00 a.m.

CVE-2019-1169

2019-08-14 00:00:00
attackerkb.com
10

EPSS: 0.002 Low (Percentile: 52.8%)

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka ‘Win32k Elevation of Privilege Vulnerability’.

Recent assessments:

tekwizz123 at March 20, 2020 4:16pm UTC reported:

Wrote up a full analysis of this bug in two parts at <https://versprite.com/blog/security-research/cve-2019-1169-vulnerability-windows/>. I believe that in reality CVE-2019-1169 actually covers several vulnerabilities, as if one looks at ZDI’s advisory at <https://www.zerodayinitiative.com/advisories/ZDI-19-709/> they can see that one of the bugs covered by CVE-2019-1169 is actually an information leak.

My blog post covers this information leak, which is exploitable by attackers who have some knowledge of how Windows messages work and how windows hooks and event hooks operate. Exploiting the vulnerability is only possible on Windows 7 x86 and prior as it is a NULL pointer dereference vulnerability; however, successful exploitation results in the ability to read a DWORD worth of information at two arbitrary addresses in kernel memory per exploitation attempt.

I have also written up exploit code which will trigger this info leak vulnerability, which is available at <https://github.com/VerSprite/research/tree/master/exploits/Ndays/CVE-2019-1169>

Assessed Attacker Value: 3