CVE-2019-0859

ENISA EUVD: EUVD-2019-1610 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 5, 2026 4 articles Published: 2019-04-09
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
10.64%
probability
This CVE has a 10.64% probability of being exploited in the next 30 days.
0% Top 93.4th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0685, CVE-2019-0803.

Affected Products

Microsoft
Windows
7 for 32-bit Systems Service Pack 1 7 for x64-based Systems Service Pack 1 8.1 for 32-bit systems 8.1 for x64-based systems RT 8.1 10 for 32-bit Systems
Microsoft
Windows Server
2008 R2 for x64-based Systems Service Pack 1 (Core installation) 2008 R2 for Itanium-Based Systems Service Pack 1 2008 R2 for x64-based Systems Service Pack 1 2008 for 32-bit Systems Service Pack 2 (Core installation) 2012 2012 (Core installation)

Google Project Zero

Discovered
March 17, 2019
Patched
April 9, 2019
Reported by
Vasily Berdnikov & Boris Larin of Kaspersky Lab
Root Cause Analysis
???

Exploits & PoC

Sheisback/CVE-2019-0859-1day-Exploit

CVE-2019-0859 1day Exploit

118 2020-02-11
1 repo — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
95%
EPSS 10.64%
CVSS v3.1 7.8
Mentions 4
Last Seen Apr 15, 2019

CNA Information

CNA Assigner
microsoft

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 4

Turla Group
apt_group Information theft and espionage Russian Federation
APT 29
apt_group Information theft and espionage 🇷🇺 RU
Careto
apt_group Information theft and espionage 🇪🇸 ES
Roaming Mantis
apt_group 🇯🇵 JP

Triage Info

Decided atMar 05, 2026
Published DateApr 09, 2019