Microsoft .NET Framework CVE-2019-1142 Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run. The update addresses the vulnerability correcting how the .NET Framework CLR process logs data.

Affected Applications

Microsoft .NET Framework 4.5.2 on Windows RT 8.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1
Microsoft .NET Framework 3.5 AND 4.8 on Windows Server version 1903 (Server Core installation)
Microsoft .NET Framework 3.5 on Windows Server version 1803 (Server Core Installation)
Microsoft .NET Framework 4.8 on Windows RT 8.1
Microsoft .NET Framework 4.8 on Windows Server version 1803 (Server Core Installation)
Windows Server 2016
Windows Server 2012
Windows 8
Windows 10
Windows Server 2019

CVE References

Other References