Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiLucas Leong (@_wmliang_)ZDI-19-189
HistoryFeb 12, 2019 - 12:00 a.m.

Microsoft HID Driver Out-of-Bounds Read Information Disclosure Vulnerability

2019-02-1200:00:00
Lucas Leong (@_wmliang_)
www.zerodayinitiative.com
23

EPSS

0.005

Percentile

76.0%

JSON

This vulnerability allows attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists in the hidparse.sys driver, within function HidPParseCollections call. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges in the context of the kernel.

Related

mskb 16
mscve 1
symantec 1
prion 2
cve 2
nvd 2
cvelist 2
nessus 10
openvas 16
kaspersky 2
talosblog 1
mskb
mskb
Description of the security update for the information disclosure vulnerability in Windows Embedded POSReady 2009: March 12, 2019
2019-03-12 00:00:00
Description of the security update for the information disclosure vulnerability in Windows Embedded POSReady 2009: February 12, 2019
2019-02-07 00:00:00
March 12, 2019—KB4489885 (Security-only update)
2019-03-12 07:00:00
mscve
mscve
HID Information Disclosure Vulnerability
2019-02-12 08:00:00
symantec
symantec
Microsoft Windows Human Interface Devices CVE-2019-0601 Local Information Disclosure Vulnerability
2019-02-12 00:00:00
prion
prion
Information disclosure
2019-03-05 23:29:00
Information disclosure
2019-03-05 23:29:00
cve
cve
CVE-2019-0601
2019-03-06 00:00:00
CVE-2019-0600
2019-03-06 00:00:00
nvd
nvd
CVE-2019-0600
2019-03-05 23:29:00
CVE-2019-0601
2019-03-05 23:29:00
cvelist
cvelist
CVE-2019-0600
2019-03-06 00:00:00
CVE-2019-0601
2019-03-06 00:00:00
nessus
nessus
KB4487019: Windows Server 2008 February 2019 Security Update
2019-02-12 00:00:00
KB4487028: Windows 8.1 and Windows Server 2012 R2 February 2019 Security Update
2019-02-12 00:00:00
KB4487017: Windows 10 Version 1803 and Windows Server Version 1803 February 2019 Security Update
2019-02-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4486563)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4487000)
2019-02-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489878)
2019-03-13 00:00:00
kaspersky
kaspersky
KLA11879 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-02-12 00:00:00
KLA11418 Multiple vulnerabilities in Microsoft Windows
2019-02-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage
2019-02-12 11:55:00

EPSS

0.005

Percentile

76.0%

JSON
Related for ZDI-19-189
mskb16mscve1symantec1prion2cve2nvd2cvelist2nessus10openvas16kaspersky2talosblog1