CVE-2019-0808
Describe
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'.
ImpactVersion
| Product | CPU Architecture | Version | Update | Tested |
|---|---|---|---|---|
| Windows Server 2008 | x64/x86 | SP2 | ||
| Windows Server 2008 | R2 | SP1 | ||
| Windows 7 | x64/x86 | SP1 |
Patch
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0808
Utilization
CompilerEnvironment
- Compile a bit problem
Test machine for Windows 7 SP1 X86
Analyze
- https://paper.seebug.org/856/
- https://xz.aliyun.com/t/5142
- http://www.lahonja.me/2019/10/10/CVE-2019-0808%E8%AF%A6%E7%BB%86%E5%88%86%E6%9E%90/
- https://blog.knownsec.com/2020/11/cve-2019-0808-%E4%BB%8E%E7%A9%BA%E6%8C%87%E9%92%88%E8%A7%A3%E5%BC%95%E7%94%A8%E5%88%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/