{"containers": {"cna": {"affected": [{"product": "Windows Server", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "2012"}, {"status": "affected", "version": "2012 (Core installation)"}, {"status": "affected", "version": "2012 R2"}, {"status": "affected", "version": "2012 R2 (Core installation)"}, {"status": "affected", "version": "2016"}, {"status": "affected", "version": "2016  (Core installation)"}, {"status": "affected", "version": "version 1709  (Core Installation)"}, {"status": "affected", "version": "version 1803  (Core Installation)"}, {"status": "affected", "version": "2019"}, {"status": "affected", "version": "2019  (Core installation)"}]}, {"product": "Windows", "vendor": "Microsoft", "versions": [{"status": "affected", "version": "8.1 for 32-bit systems"}, {"status": "affected", "version": "8.1 for x64-based systems"}, {"status": "affected", "version": "RT 8.1"}, {"status": "affected", "version": "10 for 32-bit Systems"}, {"status": "affected", "version": "10 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1607 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1607 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1703 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1703 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1709 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1709 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1803 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1803 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1803 for ARM64-based Systems"}, {"status": "affected", "version": "10 Version 1809 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1809 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1809 for ARM64-based Systems"}, {"status": "affected", "version": "10 Version 1709 for ARM64-based Systems"}]}], "datePublic": "2019-03-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808."}], "problemTypes": [{"descriptions": [{"description": "Elevation of Privilege", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-09T02:34:55.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0797", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Windows Server", "version": {"version_data": [{"version_value": "2012"}, {"version_value": "2012 (Core installation)"}, {"version_value": "2012 R2"}, {"version_value": "2012 R2 (Core installation)"}, {"version_value": "2016"}, {"version_value": "2016  (Core installation)"}, {"version_value": "version 1709  (Core Installation)"}, {"version_value": "version 1803  (Core Installation)"}, {"version_value": "2019"}, {"version_value": "2019  (Core installation)"}]}}, {"product_name": "Windows", "version": {"version_data": [{"version_value": "8.1 for 32-bit systems"}, {"version_value": "8.1 for x64-based systems"}, {"version_value": "RT 8.1"}, {"version_value": "10 for 32-bit Systems"}, {"version_value": "10 for x64-based Systems"}, {"version_value": "10 Version 1607 for 32-bit Systems"}, {"version_value": "10 Version 1607 for x64-based Systems"}, {"version_value": "10 Version 1703 for 32-bit Systems"}, {"version_value": "10 Version 1703 for x64-based Systems"}, {"version_value": "10 Version 1709 for 32-bit Systems"}, {"version_value": "10 Version 1709 for x64-based Systems"}, {"version_value": "10 Version 1803 for 32-bit Systems"}, {"version_value": "10 Version 1803 for x64-based Systems"}, {"version_value": "10 Version 1803 for ARM64-based Systems"}, {"version_value": "10 Version 1809 for 32-bit Systems"}, {"version_value": "10 Version 1809 for x64-based Systems"}, {"version_value": "10 Version 1809 for ARM64-based Systems"}, {"version_value": "10 Version 1709 for ARM64-based Systems"}]}}]}, "vendor_name": "Microsoft"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "references": {"reference_data": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", "refsource": "CONFIRM", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:58:59.172Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-0797", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T16:19:00.882676Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0797"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T16:28:16.697Z"}}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0797", "datePublished": "2019-04-09T02:34:55.000Z", "dateReserved": "2018-11-26T00:00:00.000Z", "dateUpdated": "2025-02-07T16:28:16.697Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:58:59.172Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-0797", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-07T16:19:00.882676Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0797"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T16:18:21.497Z"}}], "cna": {"affected": [{"vendor": "Microsoft", "product": "Windows Server", "versions": [{"status": "affected", "version": "2012"}, {"status": "affected", "version": "2012 (Core installation)"}, {"status": "affected", "version": "2012 R2"}, {"status": "affected", "version": "2012 R2 (Core installation)"}, {"status": "affected", "version": "2016"}, {"status": "affected", "version": "2016  (Core installation)"}, {"status": "affected", "version": "version 1709  (Core Installation)"}, {"status": "affected", "version": "version 1803  (Core Installation)"}, {"status": "affected", "version": "2019"}, {"status": "affected", "version": "2019  (Core installation)"}]}, {"vendor": "Microsoft", "product": "Windows", "versions": [{"status": "affected", "version": "8.1 for 32-bit systems"}, {"status": "affected", "version": "8.1 for x64-based systems"}, {"status": "affected", "version": "RT 8.1"}, {"status": "affected", "version": "10 for 32-bit Systems"}, {"status": "affected", "version": "10 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1607 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1607 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1703 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1703 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1709 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1709 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1803 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1803 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1803 for ARM64-based Systems"}, {"status": "affected", "version": "10 Version 1809 for 32-bit Systems"}, {"status": "affected", "version": "10 Version 1809 for x64-based Systems"}, {"status": "affected", "version": "10 Version 1809 for ARM64-based Systems"}, {"status": "affected", "version": "10 Version 1709 for ARM64-based Systems"}]}], "datePublic": "2019-03-12T00:00:00.000Z", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Elevation of Privilege"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2019-04-09T02:34:55.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2012"}, {"version_value": "2012 (Core installation)"}, {"version_value": "2012 R2"}, {"version_value": "2012 R2 (Core installation)"}, {"version_value": "2016"}, {"version_value": "2016  (Core installation)"}, {"version_value": "version 1709  (Core Installation)"}, {"version_value": "version 1803  (Core Installation)"}, {"version_value": "2019"}, {"version_value": "2019  (Core installation)"}]}, "product_name": "Windows Server"}, {"version": {"version_data": [{"version_value": "8.1 for 32-bit systems"}, {"version_value": "8.1 for x64-based systems"}, {"version_value": "RT 8.1"}, {"version_value": "10 for 32-bit Systems"}, {"version_value": "10 for x64-based Systems"}, {"version_value": "10 Version 1607 for 32-bit Systems"}, {"version_value": "10 Version 1607 for x64-based Systems"}, {"version_value": "10 Version 1703 for 32-bit Systems"}, {"version_value": "10 Version 1703 for x64-based Systems"}, {"version_value": "10 Version 1709 for 32-bit Systems"}, {"version_value": "10 Version 1709 for x64-based Systems"}, {"version_value": "10 Version 1803 for 32-bit Systems"}, {"version_value": "10 Version 1803 for x64-based Systems"}, {"version_value": "10 Version 1803 for ARM64-based Systems"}, {"version_value": "10 Version 1809 for 32-bit Systems"}, {"version_value": "10 Version 1809 for x64-based Systems"}, {"version_value": "10 Version 1809 for ARM64-based Systems"}, {"version_value": "10 Version 1709 for ARM64-based Systems"}]}, "product_name": "Windows"}]}, "vendor_name": "Microsoft"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Elevation of Privilege"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-0797", "STATE": "PUBLIC", "ASSIGNER": "secure@microsoft.com"}}}}, "cveMetadata": {"cveId": "CVE-2019-0797", "state": "PUBLISHED", "dateUpdated": "2025-02-07T16:28:16.697Z", "dateReserved": "2018-11-26T00:00:00.000Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2019-04-09T02:34:55.000Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*", "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*", "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*", "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*", "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*", "matchCriteriaId": "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*", "matchCriteriaId": "8733BF37-7BF2-409D-9452-DA8A92DA1124", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "555C22C7-356D-4DA7-8CED-DA7423BBC6CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*", "matchCriteriaId": "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*", "matchCriteriaId": "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "40151476-C0FD-4336-8194-039E8827B7C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*", "matchCriteriaId": "D82F8AF7-ED01-4649-849E-F248F0E02384", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*", "matchCriteriaId": "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*", "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*", "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*", "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1709:-:*:*:*:*:*:*:*", "matchCriteriaId": "53695559-6E95-43C1-AD7C-1D99473223C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*", "matchCriteriaId": "37097C39-D588-4018-B94D-5EB87B1E3D5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0808."}, {"lang": "es", "value": "Existe una escalada de privilegios en Windows cuando el componente Win32k no gestiona correctamente los objetos de la memoria, tambi\u00e9n conocido como 'Win32k Elevation of Privilege Vulnerability'. Este CVE ID es \u00fanico de CVE-2019-0808."}], "id": "CVE-2019-0797", "lastModified": "2025-04-08T15:59:36.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-04-09T03:29:00.763", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0797"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}