CVE-2019-1385

HIGH Year: 2019
CVSS v3 Score
7.8
High
CVSS v2 Score
6.1
Medium
Weakness Type
CWE-59
View all →

Vulnerability Description

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

Related Vulnerabilities

CVE-2003-0578

HIGH
CVSS:7.8(High)

cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.

CWE-592003

CVE-2008-7273

HIGH
CVSS:7.8(High)

A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.

CWE-592008

CVE-2011-3618

HIGH
CVSS:7.8(High)

atop: symlink attack possible due to insecure tempfile handling

CWE-592011

CVE-2012-1093

HIGH
CVSS:7.8(High)

The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.

CWE-592012

CVE-2013-4364

HIGH
CVSS:7.8(High)

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attac...

CWE-592013

CVE-2014-3219

HIGH
CVSS:7.8(High)

fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.

CWE-592014