PT-2019-3206 · Microsoft · Windows Text Services Framework+1

Tavis Ormandy

Publicado

2019-09-10

Atualizado

2020-08-24

CVE-2019-1235

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Text Service Framework (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability in the Windows Text Service Framework (TSF) due to insufficient validation of input or commands received by the TSF server process. This vulnerability can be exploited by an attacker to elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

RCE

Origin Validation Error

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-346

Identificadores relacionados

BDU:2019-03195

CVE-2019-1235

Produtos afetados

Windows

Windows Text Services Framework

PT-2019-3206 · Microsoft · Windows Text Services Framework+1

CVE-2019-1235

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6