Lucene search
John SimpsonZDI-19-276HistoryMar 12, 2019 - 12:00 a.m.
Microsoft Windows Deployment Services TFTP Server Use-After-Free Remote Code Execution Vulnerability
2019-03-1200:00:00
John Simpson
www.zerodayinitiative.com
19
0.188 Low
EPSS
Percentile
96.3%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required to exploit this vulnerability. The specific flaw exists within WDSTFTP during TFTP read requests. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
mscve
mscve
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
2019-03-12 07:00:00
cve
cve
CVE-2019-0603
2019-04-08 23:29:00
prion
prion
Remote code execution
2019-04-08 23:29:00
symantec
symantec
nessus
nessus
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
2019-03-19 00:00:00
KB4489876: Windows Server 2008 March 2019 Security Update
2019-03-12 00:00:00
KB4489884: Windows Server 2012 March 2019 Security Update
2019-03-12 00:00:00
nvd
nvd
CVE-2019-0603
2019-04-08 23:29:00
cvelist
cvelist
CVE-2019-0603
2019-04-08 22:25:15
myhack58
myhack58
mskb
mskb
March 12, 2019âKB4489885 (Security-only update)
2019-03-12 07:00:00
March 12, 2019âKB4489884 (Security-only update)
2019-03-12 07:00:00
March 12, 2019âKB4489883 (Security-only update)
2019-03-12 07:00:00
kaspersky
kaspersky
KLA11876 Multiple vulnerabiltiies in Microsoft Products (ESU)
2019-03-12 00:00:00
KLA11438 Multiple vulnerabilities in Microsoft Windows
2019-03-12 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4489878)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489881)
2019-03-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4489882)
2019-03-13 00:00:00
talosblog
talosblog