{"vulnerability": "CVE-2019-1215", "sightings": [{"uuid": "23b55069-2b59-4e65-9bf9-00b146135901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "96a56d59-7e1e-40bb-9542-1fc5cb8cc677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:18.000000Z"}, {"uuid": "4b16ab7a-ec00-4e6b-9392-263f4660d49d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971003", "content": "", "creation_timestamp": "2024-12-24T20:22:54.859424Z"}, {"uuid": "fc3fe053-677b-4d7d-b388-8594b379d61c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:42.000000Z"}, {"uuid": "4267af69-a3dd-4cea-9821-09026595514b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7583", "content": "Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability. 
\n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\n#re #expdev #uaf #windows #darw1n", "creation_timestamp": "2020-01-09T10:52:05.000000Z"}, {"uuid": "44833cc4-200b-4ef1-9a6b-5c005609ee32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:54.000000Z"}, {"uuid": "de29d7cb-dd2e-4553-a2b2-2a0afa0145bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-1215", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f70f89eb-99cf-4819-a919-397f5419c8e1", "content": "", "creation_timestamp": "2026-02-02T12:28:53.433788Z"}, {"uuid": "c92e267d-fe5f-4f10-bb73-8be2b6eb4fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=419", "content": "", "creation_timestamp": "2019-09-11T04:00:00.000000Z"}, {"uuid": "46f06ff9-c62f-4beb-9ac5-69c50770dc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://gist.github.com/ryukk33/79a78fbc75ee9f3cf3a6fc1504681717", "content": "", "creation_timestamp": "2026-01-22T14:43:48.000000Z"}, {"uuid": "79b8155f-f8b3-4df1-a3d3-5773f8bab245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7570", "content": 
"https://github.com/bluefrostsecurity/CVE-2019-1215/", "creation_timestamp": "2020-01-08T08:57:51.000000Z"}, {"uuid": "34f2dce7-503b-4f96-9a7d-e1214fb435dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/350", "content": "CVE-2019-1215 ws2ifsl.sys UAF exploit for Windows 10 19H1 x64\n\nThis exploit uses the recently patched use after free vulnerability CVE-2019-1215 in ws2ifsl.sys to achieve local privilege escalation. The exploit targets Windows 10 19H1 (1901) x64 and demonstrates how to bypass kASLR, kCFG and SMEP. When executing the exploit with medium integrity privileges, successful exploitation spawns a new cmd.exe with system privileges.\n\nhttps://github.com/bluefrostsecurity/CVE-2019-1215\n#exploit #windows #LPE", "creation_timestamp": "2020-01-09T13:58:49.000000Z"}, {"uuid": "36adcc69-ad55-4046-a819-d40f65362a7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/N0iSeBit/325", "content": "\u041f\u043e\u0441\u043b\u0435 \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e/\u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e\u0433\u043e diff \u0430\u043d\u0430\u043b\u0438\u0437\u0430 CVE-2019-1215 - \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u043a\u0430\u043a double-free", "creation_timestamp": "2019-09-12T08:28:51.000000Z"}, {"uuid": "0d5594fc-98e6-4bb7-a25f-c3ea72e24d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/N0iSeBit/324", "content": "\u0441\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0447\u0442\u043e 
\u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 LPE (\u043f\u043e\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u0432\u0441\u044e \u043b\u0438\u043d\u0435\u0439\u043a\u0443 Windows) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 (\u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 ZDI) (\u043f\u043e\u043a\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442 \u043a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e):\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215", "creation_timestamp": "2019-09-12T08:23:57.000000Z"}, {"uuid": "45b12c0f-6586-49dc-88d4-5109106fbe85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/N0iSeBit/361", "content": "\u0410\u043d\u0430\u043b\u0438\u0437 Windows kernel ws2ifsl use-after-free (CVE-2019-1215) \u0443\u0447\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\nPoC: https://github.com/bluefrostsecurity/CVE-2019-1215", "creation_timestamp": "2020-01-07T19:12:16.000000Z"}, {"uuid": "573adc5f-319c-409b-b96f-fa6ea834a015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/R0_Crew/1388", "content": "Root 
cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability. \n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\n#re #expdev #uaf #windows #darw1n", "creation_timestamp": "2020-01-10T16:39:10.000000Z"}, {"uuid": "5675c5ce-ad5b-4e03-98f1-d905c4833ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/970", "content": "\u0427\u0442\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e, \u043f\u0430\u0442\u0447\u0438 \u0438\u0437 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2019-1215, \u043a\u043e\u0442\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Winsock (ws2ifsl.sys), \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u0418\u0437 \u043e\u0431\u0449\u0435\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0434\u044b\u0440 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435, 17 \u0431\u044b\u043b\u0438 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043a\u0430\u043a \u201c\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\", \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 Windows, Edge, SharePoint, Azure DevOps Server (ADO) \u0438 Team Foundation Server (TFS):\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573", "creation_timestamp": "2019-09-11T18:29:45.000000Z"}, {"uuid": "b316f418-1174-4d9b-819d-bc5ce58dcc3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/531", "content": "#exploit\n1. CVE-2019-1132:\nWin32k EoP Vulnerability (Win7 7601)\nhttps://github.com/Vlad-tri/CVE-2019-1132\nhttps://github.com/petercc/CVE-2019-1132\n\n2. CVE-2019-1215:\nEoP vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory\nhttps://github.com/bluefrostsecurity/CVE-2019-1215 \n\n3. 
CVE-2019-1218:\nA spoofing vulnerability exists in the way MS Outlook iOS software parses specifically crafted email messages (Outlook iOS Spoofing)\nhttps://github.com/d0gukank/CVE-2019-1218", "creation_timestamp": "2024-10-08T20:48:11.000000Z"}, {"uuid": "5fd20272-651e-4970-bf6d-9b62630f3275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/information_security_channel/30889", "content": "Microsoft released security updates for September that addresses 79 security vulnerabilities, out of the 17 are critical, 61 rated as important and one classified as Moderate. The update covers two active Elevation of Privilege Zero-Days Vulnerabilities CVE-2019-1215 & CVE-2019-1214. CVE-2019-1214 \u2013 Vulnerability exists in Windows Common Log File System, successful exploitation of the vulnerability allows [\u2026]\nThe post Microsoft Fixes 79 Vulnerabilities Including Two Active Zero-Days Exploits and 4 Critical RDP Flaws (https://gbhackers.com/microsoft-fixes-79-vulnerabilities/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-09-11T09:05:12.000000Z"}, {"uuid": "d8caef86-b66a-4838-b8c8-c15131f487aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12155", "type": "seen", "source": "https://t.me/cve_mitre_org/289", "content": "CVE-2019-12155 interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference. 
https://t.co/qVDDHEQxyU\u2014 CVE (@CVEnew) May 24, 2019\n\nMay 24, 2019 at 07:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-24T16:48:19.000000Z"}, {"uuid": "a470fdbd-b804-4641-a046-992f9554192c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12150", "type": "seen", "source": "https://t.me/cve_mitre_org/288", "content": "CVE-2019-12150 Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under... https://t.co/MubFt8NjcS\u2014 CVE (@CVEnew) May 24, 2019\n\nMay 24, 2019 at 07:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-24T16:48:18.000000Z"}, {"uuid": "47da4cac-ccc3-4987-94df-ad9b7c985594", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12158", "type": "seen", "source": "https://t.me/cve_mitre_org/63", "content": "CVE-2019-12158 GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. https://t.co/mTHsOpNxgZ\u2014 CVE (@CVEnew) May 17, 2019\n\nMay 17, 2019 at 10:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-17T19:46:09.000000Z"}, {"uuid": "4d37fe5c-2bad-4656-981d-612b5c307663", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-12159", "type": "seen", "source": "https://t.me/cve_mitre_org/64", "content": "CVE-2019-12159 GoHTTP through 2017-07-25 has a stack-based buffer over-read in the scan function (when called from getRequestType) via a long URL. 
https://t.co/N3dBZRIcKs\u2014 CVE (@CVEnew) May 17, 2019\n\nMay 17, 2019 at 10:45PM\nvia Twitter https://twitter.com/CVEnew", "creation_timestamp": "2019-05-17T19:46:10.000000Z"}]}