VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 12, 2019· Updated May 20, 2025

Windows Installer Elevation of Privilege Vulnerability

CVE-2019-0973

Description

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.

Affected products

29
  • Microsoft/Windows 10 1507cpe-rescue
    Range: 10.0.10240.0
  • Microsoft/Windows 10 1607cpe-rescue
    Range: 10.0.14393.0
  • Microsoft/Windows 10 1703cpe-rescue
    Range: 10.0.0
  • Microsoft/Windows Server version 1709cpe-rescue
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1709 for 32-bit Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1803v5
    Range: 10.0.0
  • Microsoft/Windows 10 1809cpe-rescue
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1903 for 32-bit Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 10 Version 1903 for x64-based Systemsv5
    Range: 10.0.0
  • Microsoft/Windows 7cpe-rescue
    Range: 6.1.0
  • Microsoft/Windows CSC Servicecpe-rescue
    Range: 6.1.0
  • Microsoft/Windows 8.1cpe-rescue
    Range: 6.3.0
  • Microsoft/Windows Server 2008cpe-rescue3 versions
    6.1.7601.0+ 2 more
    • (no CPE)range: 6.1.7601.0
    • (no CPE)range: 6.0.0
    • (no CPE)range: 6.0.6003.0
  • Microsoft/Windows Server 2008 R2 Service Pack 1 (Server Core installation)v5
    Range: 6.1.7601.0
  • Microsoft/Windows Server 2008 R2 Systems Service Pack 1v5
    Range: 6.1.0
  • Microsoft/Windows Server 2008 Service Pack 2 (Server Core installation)v5
    Range: 6.0.6003.0
  • Microsoft/Windows Server 2012cpe-rescue2 versions
    6.2.9200.0+ 1 more
    • (no CPE)range: 6.2.9200.0
    • (no CPE)range: 6.3.9600.0
  • Microsoft/Windows Server 2012 R2 (Server Core installation)v5
    Range: 6.3.9600.0
  • Microsoft/Windows Server 2012 (Server Core installation)v5
    Range: 6.2.9200.0
  • Microsoft/Windows Server 2016cpe-rescue
    Range: 10.0.14393.0
  • Microsoft/Windows Server 2016 (Server Core installation)v5
    Range: 10.0.14393.0
  • Microsoft/Windows Server 2019cpe-rescue
    Range: 10.0.17763.0
  • Microsoft/Windows Server 2019 (Server Core installation)v5
    Range: 10.0.17763.0
  • Microsoft/Windows Server, version 1803 (Server Core Installation)v5
    Range: 10.0.0
  • Microsoft/Windows Server, version 1903 (Server Core installation)v5
    Range: 10.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.