目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

CVE-2019-0948— Microsoft Windows Event Viewer 代码问题漏洞

CVSS 4.7 · Medium EPSS 42.25% · P97
新しい脆弱性情報の通知を購読するログインして購読

I. CVE-2019-0948の基本情報

脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗

高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。

脆弱性タイトル
Windows Event Viewer Information Disclosure Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Microsoft Windows Event Viewer 代码问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Microsoft Windows和Microsoft Windows Server都是美国微软(Microsoft)公司的产品。Microsoft Windows是一套个人设备使用的操作系统。Microsoft Windows Server是一套服务器操作系统。Windows Event Viewer是其中的一个事件查看器。 Microsoft Windows Event Viewer (eventvwr.msc)中存在代码问题漏洞。该漏洞源于网络系统或产品的代码开发过程中存在设计或实现不当的问题。以下
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)

影響を受ける製品

ベンダープロダクト影響を受けるバージョンCPE購読
MicrosoftWindows 10 Version 1803 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1709 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1809 10.0.17763.0 ~ publication -
MicrosoftWindows 10 Version 1809 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1903 for 32-bit Systems 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1903 for ARM64-based Systems 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1709 for 32-bit Systems 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1903 for x64-based Systems 10.0.0 ~ publication -
MicrosoftWindows Server, version 1803 (Server Core Installation) 10.0.0 ~ publication -
MicrosoftWindows Server 2019 10.0.17763.0 ~ publication -
MicrosoftWindows Server, version 1903 (Server Core installation) 10.0.0 ~ publication -
MicrosoftWindows Server 2019 (Server Core installation) 10.0.17763.0 ~ publication -
MicrosoftWindows 8.1 6.3.0 ~ publication -
MicrosoftWindows Server 2008 Service Pack 2 (Server Core installation) 6.0.6003.0 ~ publication -
MicrosoftWindows 7 6.1.0 ~ publication -
MicrosoftWindows 7 Service Pack 1 6.1.0 ~ publication -
MicrosoftWindows Server 2008 Service Pack 2 6.0.0 ~ publication -
MicrosoftWindows Server 2008 R2 Systems Service Pack 1 6.1.0 ~ publication -
MicrosoftWindows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.0 ~ publication -
MicrosoftWindows Server 2008 Service Pack 2 6.0.6003.0 ~ publication -
MicrosoftWindows Server 2008 Service Pack 2 6.0.6003.0 ~ publication -
MicrosoftWindows Server 2008 R2 Service Pack 1 6.1.7601.0 ~ publication -
MicrosoftWindows Server 2012 6.2.9200.0 ~ publication -
MicrosoftWindows Server 2012 (Server Core installation) 6.2.9200.0 ~ publication -
MicrosoftWindows Server 2012 R2 6.3.9600.0 ~ publication -
MicrosoftWindows Server 2012 R2 (Server Core installation) 6.3.9600.0 ~ publication -
MicrosoftWindows 10 Version 1607 10.0.14393.0 ~ publication -
MicrosoftWindows 10 Version 1703 10.0.0 ~ publication -
MicrosoftWindows 10 Version 1507 10.0.10240.0 ~ publication -
MicrosoftWindows Server 2016 (Server Core installation) 10.0.14393.0 ~ publication -
MicrosoftWindows Server 2016 10.0.14393.0 ~ publication -

II. CVE-2019-0948の公開POC

#POC説明ソースリンクShenlongリンク
AI生成POCプレミアム

公開POCは見つかりませんでした。

ログインしてAI POCを生成

III. CVE-2019-0948のインテリジェンス情報

登录查看更多情报信息。

Same Patch Batch · Microsoft · 2019-06-12 · 88 CVEs total

CVE-2019-07228.8 HIGHWindows Hyper-V Remote Code Execution Vulnerability
CVE-2019-08888.8 HIGHActiveX Data Objects (ADO) Remote Code Execution Vulnerability
CVE-2019-10198.5 HIGHMicrosoft Windows Security Feature Bypass Vulnerability
CVE-2019-10697.8 HIGHTask Scheduler Elevation of Privilege Vulnerability
CVE-2019-10227.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-10647.8 HIGHWindows Elevation of Privilege Vulnerability
CVE-2019-09987.8 HIGHWindows Storage Service Elevation of Privilege Vulnerability
CVE-2019-09857.8 HIGHMicrosoft Speech API Remote Code Execution Vulnerability
CVE-2019-10077.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-10217.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-10657.8 HIGHWindows Kernel Elevation of Privilege Vulnerability
CVE-2019-09837.8 HIGHWindows Storage Service Elevation of Privilege Vulnerability
CVE-2019-09077.8 HIGHJet Database Engine Remote Code Execution Vulnerability
CVE-2019-10267.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-10277.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-10287.8 HIGHWindows Audio Service Elevation of Privilege Vulnerability
CVE-2019-09087.8 HIGHJet Database Engine Remote Code Execution Vulnerability
CVE-2019-09747.8 HIGHJet Database Engine Remote Code Execution Vulnerability
CVE-2019-09737.8 HIGHWindows Installer Elevation of Privilege Vulnerability
CVE-2019-10457.8 HIGHWindows Network File System Elevation of Privilege Vulnerability

Showing 20 of 88 CVEs. View all on vendor page →

IV. 関連脆弱性

同じ製品: Windows 10 Version 1803
同じベンダー: Microsoft

V. CVE-2019-0948へのコメント

まだコメントはありません

コメントを残す