CVE-2019-1458

Related Files

Ubuntu Security Notice USN-4684-1

Posted Jan 7, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4684-1 - Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary

systems | linux, ubuntu

advisories | CVE-2019-14562, CVE-2019-14584

SHA-256 | 5af732fb2ce6f70ae324866684e4024144404b6a5a8dcb452f1c2ceab674d105

Download | Favorite | View

Microsoft Windows Uninitialized Variable Local Privilege Escalation

Posted Oct 15, 2020

Authored by timwr, unamer, piotrflorczyk | Site metasploit.com

This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary code execution as the SYSTEM user. This module has been tested against Windows 7 x64 SP1. Offsets within the exploit code may need to be adjusted to work with other versions of Windows. The exploit can only be triggered once against the target and can cause the target machine to reboot when the session is terminated.

tags | exploit, arbitrary, kernel, code execution

systems | windows

advisories | CVE-2019-1458

SHA-256 | 965825e462e62b73a8b4edd4aeb9b9d17c52ab810644e44a21ae2613d7a92025

Download | Favorite | View

Ubuntu Security Notice USN-4349-1

Posted May 1, 2020

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4349-1 - A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer overflow was discovered in BlockIo service. An unauthenticated user could potentially enable escalation of privilege, information disclosure and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. Various other issues were also addressed.

tags | advisory, denial of service, overflow, info disclosure

systems | linux, ubuntu

advisories | CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2019-14558, CVE-2019-14559, CVE-2019-14563, CVE-2019-14575, CVE-2019-14586, CVE-2019-14587

SHA-256 | d282093afc124fd962c25e4709dff829e5b67682fda67534d1dd484b4a6760a6

Download | Favorite | View

Microsoft Windows WizardOpium Local Privilege Escalation

Posted Mar 6, 2020

Authored by Piotr Florczyk

Microsoft Windows WizardOpium local privilege escalation exploit.

tags | exploit, local

systems | windows

advisories | CVE-2019-1458

SHA-256 | 8f4ff290f618c7ae82d5e4a5c6a3a8d15528402a776ef0a67b0092135caef4a2

Download | Favorite | View