PT-2019-2468 · Microsoft · Windows Event Viewer+1

Sooraj K S

Published

2019-06-11

Updated

2025-03-23

CVE-2019-0948

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Windows Event Viewer (eventvwr.msc) (affected versions not specified)

Description The issue is related to an information disclosure problem in the Windows Event Viewer, which improperly handles XML input. This can be exploited by an attacker using a specially crafted XML file to read arbitrary files, potentially allowing access to sensitive information. The vulnerability is associated with the improper parsing of XML input containing a reference to an external entity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XXE

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611CWE-200

Related Identifiers

BDU:2019-02246

CVE-2019-0948

ZDI-19-641

Affected Products

Windows

Windows Event Viewer

PT-2019-2468 · Microsoft · Windows Event Viewer+1

CVE-2019-0948

Weakness Enumeration

Related Identifiers

Affected Products

References · 10