PT-2019-3050 · Microsoft · Windows Subsystem For Linux+1

Guo Zhipan

Publicado

2019-08-13

Atualizado

2024-07-03

CVE-2019-1185

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Subsystem for Linux (WSL) (affected versions not specified)

Description The issue is related to insufficient access control in the Windows Subsystem for Linux, which can be exploited to elevate privileges and execute arbitrary code using a specially crafted application. A locally authenticated attacker could exploit this by running such an application, potentially allowing them to execute code with elevated permissions. The vulnerability is due to a stack corruption in Windows Subsystem for Linux.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Stack Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-264

Identificadores relacionados

BDU:2019-03032

CVE-2019-1185

Produtos afetados

Windows

Windows Subsystem For Linux

PT-2019-3050 · Microsoft · Windows Subsystem For Linux+1

CVE-2019-1185

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6