How severe is CVE-2019-0986?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2019-0986?

This is classified as CWE-59, which is a common weakness in software security.

CVE-2019-0986 - HIGH Severity | CVSS 7.1

Vulnerability Description

An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.

Related Vulnerabilities

CVE-2003-0844

HIGH

CVSS:7.1(High)

mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on pre...

CWE-592003

CVE-2004-0689

HIGH

CVSS:7.1(High)

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

CWE-592004

CVE-2010-2064

HIGH

CVSS:7.1(High)

rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.

CWE-592010

CVE-2011-3351

HIGH

CVSS:7.1(High)

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw...

CWE-592011

CVE-2011-3632

HIGH

CVSS:7.1(High)

Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks.

CWE-592011

CVE-2013-0159

HIGH

CVSS:7.1(High)

The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 and before 1-0.1.beta1.fc18 on Fedora 18 allows local users to cause a denial of service or write to arbitrary files via a symlin...

CWE-592013