PT-2019-3192 · Microsoft · Compatibility Appraiser+1

Published

2019-09-10

Updated

2021-07-21

CVE-2019-1267

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Compatibility Appraiser (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability in Microsoft Compatibility Appraiser. It involves errors in handling symbolic links, which can be exploited by an attacker to elevate their privileges using a specially crafted application. The vulnerability can be exploited locally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59CWE-269

Related Identifiers

BDU:2019-03181

CVE-2019-1267

Affected Products

Compatibility Appraiser

Windows

PT-2019-3192 · Microsoft · Compatibility Appraiser+1

CVE-2019-1267

Weakness Enumeration

Related Identifiers

Affected Products

References · 6