Rewterz Threat Advisory – CVE-2019-0231 – Apache MINA Information Disclosure Vulnerability
April 16, 2019Rewterz Threat Advisory – CVE-2019-0232 – Apache Tomcat CGI Servlet Arbitrary Code Execution Vulnerability
April 16, 2019Rewterz Threat Advisory – CVE-2019-0231 – Apache MINA Information Disclosure Vulnerability
April 16, 2019Rewterz Threat Advisory – CVE-2019-0232 – Apache Tomcat CGI Servlet Arbitrary Code Execution Vulnerability
April 16, 2019Severity
Medium
Analysis Summary
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
Impact
- Privilege escalation
- Arbitrary code execution
Affected Vendors
Microsoft
Affected Products
Windows
Remediation
Vendor has released updates for the following vulnerability which can be downloaded from their official website.