{"vulnerability": "CVE-2019-1215", "sightings": [{"uuid": "44833cc4-200b-4ef1-9a6b-5c005609ee32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:54.000000Z"}, {"uuid": "46f06ff9-c62f-4beb-9ac5-69c50770dc69", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://gist.github.com/ryukk33/79a78fbc75ee9f3cf3a6fc1504681717", "content": "", "creation_timestamp": "2026-01-22T14:43:48.000000Z"}, {"uuid": "ef1343e0-f25e-41f7-9645-15b301ef2687", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=419", "content": "", "creation_timestamp": "2026-03-17T14:45:10.121075Z"}, {"uuid": "de29d7cb-dd2e-4553-a2b2-2a0afa0145bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f70f89eb-99cf-4819-a919-397f5419c8e1", "content": "", "creation_timestamp": "2026-02-02T12:28:53.433788Z"}, {"uuid": "c92e267d-fe5f-4f10-bb73-8be2b6eb4fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=419", "content": "", "creation_timestamp": "2019-09-11T04:00:00.000000Z"}, {"uuid": "0697c00d-c169-4874-9631-3010417faf6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/f70f89eb-99cf-4819-a919-397f5419c8e1", "content": "", "creation_timestamp": "2026-02-02T12:28:53.433788Z"}, {"uuid": "4267af69-a3dd-4cea-9821-09026595514b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7583", "content": "Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability. \n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\n#re #expdev #uaf #windows #darw1n", "creation_timestamp": "2020-01-09T10:52:05.000000Z"}, {"uuid": "79b8155f-f8b3-4df1-a3d3-5773f8bab245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7570", "content": "https://github.com/bluefrostsecurity/CVE-2019-1215/", "creation_timestamp": "2020-01-08T08:57:51.000000Z"}, {"uuid": "573adc5f-319c-409b-b96f-fa6ea834a015", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/R0_Crew/1388", "content": "Root cause analysis and exploit for a Windows kernel ws2ifsl.sys use-after-free vulnerability. \n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\n#re #expdev #uaf #windows #darw1n", "creation_timestamp": "2020-01-10T16:39:10.000000Z"}, {"uuid": "5675c5ce-ad5b-4e03-98f1-d905c4833ad8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/tech_b0lt_Genona/970", "content": "\u0427\u0442\u043e \u0445\u0430\u0440\u0430\u043a\u0442\u0435\u0440\u043d\u043e, \u043f\u0430\u0442\u0447\u0438 \u0438\u0437 \u0431\u044e\u043b\u043b\u0435\u0442\u0435\u043d\u044f \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f CVE-2019-1215, \u043a\u043e\u0442\u0440\u0430\u044f \u0431\u044b\u043b\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0430 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 \u043a\u0430\u043a \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Winsock (ws2ifsl.sys), \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u0418\u0437 \u043e\u0431\u0449\u0435\u0433\u043e \u0447\u0438\u0441\u043b\u0430 \u0434\u044b\u0440 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435, 17 \u0431\u044b\u043b\u0438 \u043a\u043b\u0430\u0441\u0441\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u044b \u043a\u0430\u043a \u201c\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435\", \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0432\u043b\u0438\u044f\u044e\u0442 \u043d\u0430 Windows, Edge, SharePoint, Azure DevOps Server (ADO) \u0438 Team Foundation Server (TFS):\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573", "creation_timestamp": "2019-09-11T18:29:45.000000Z"}, {"uuid": "36adcc69-ad55-4046-a819-d40f65362a7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/N0iSeBit/325", "content": "\u041f\u043e\u0441\u043b\u0435 \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e/\u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e\u0433\u043e diff \u0430\u043d\u0430\u043b\u0438\u0437\u0430 CVE-2019-1215 - \u0432\u044b\u0433\u043b\u044f\u0434\u0438\u0442 \u043a\u0430\u043a double-free", "creation_timestamp": "2019-09-12T08:28:51.000000Z"}, {"uuid": "0d5594fc-98e6-4bb7-a25f-c3ea72e24d80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/N0iSeBit/324", "content": "\u0441\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0447\u0442\u043e \u0434\u0432\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 LPE (\u043f\u043e\u043a\u0440\u044b\u0432\u0430\u044e\u0449\u0438\u0435 \u0432\u0441\u044e \u043b\u0438\u043d\u0435\u0439\u043a\u0443 Windows) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0432 \u0442\u0430\u0440\u0433\u0435\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 (\u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e\u0442 ZDI) (\u043f\u043e\u043a\u0430 \u0434\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u043d\u0435\u0442 \u043a \u0441\u043e\u0436\u0430\u043b\u0435\u043d\u0438\u044e):\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1214\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1215", "creation_timestamp": "2019-09-12T08:23:57.000000Z"}, {"uuid": "45b12c0f-6586-49dc-88d4-5109106fbe85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/N0iSeBit/361", "content": "\u0410\u043d\u0430\u043b\u0438\u0437 Windows kernel ws2ifsl use-after-free (CVE-2019-1215) \u0443\u0447\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\nhttps://labs.bluefrostsecurity.de/blog/2020/01/07/cve-2019-1215-analysis-of-a-use-after-free-in-ws2ifsl/\n\nPoC: https://github.com/bluefrostsecurity/CVE-2019-1215", "creation_timestamp": "2020-01-07T19:12:16.000000Z"}, {"uuid": "34f2dce7-503b-4f96-9a7d-e1214fb435dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/350", "content": "CVE-20190-1215 ws2ifsl.sys UAF exploit for Windows 10 19H1 x64\n\nThis exploit uses the recently patched use after free vulnerability CVE-2019-1215 in ws2ifsl.sys to achieve local privilege escalation. The exploit targets Windows 10 19H1 (1901) x64 and demonstrates how to bypass kASLR, kCFG and SMEP. When executing the exploit with medium integrity privileges, successful exploitation spawns a new cmd.exe with system privileges.\n\nhttps://github.com/bluefrostsecurity/CVE-2019-1215\n#exploit #windows #LPE", "creation_timestamp": "2020-01-09T13:58:49.000000Z"}, {"uuid": "5fd20272-651e-4970-bf6d-9b62630f3275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://t.me/information_security_channel/30889", "content": "Microsoft released security updates for September that addresses 79 security vulnerabilities, out of the 17 are critical, 61 rated as important and one classified as Moderate. The update covers two active Elevation of Privilege Zero-Days Vulnerabilities CVE-2019-1215 & CVE-2019-1214. CVE-2019-1214 \u2013 Vulnerability exists in Windows Common Log File System, successful exploitation of the vulnerability allows [\u2026]\nThe post Microsoft Fixes 79 Vulnerabilities Including Two Active Zero-Days Exploits and 4 Critical RDP Flaws (https://gbhackers.com/microsoft-fixes-79-vulnerabilities/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-09-11T09:05:12.000000Z"}, {"uuid": "b316f418-1174-4d9b-819d-bc5ce58dcc3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/531", "content": "#exploit\n1. CVE-2019-1132:\nWin32k EoP Vulnerability (Win7 7601)\nhttps://github.com/Vlad-tri/CVE-2019-1132\nhttps://github.com/petercc/CVE-2019-1132\n\n2. CVE-2019-1215:\nEoP vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory\nhttps://github.com/bluefrostsecurity/CVE-2019-1215 \n\n3. CVE-2019-1218:\nA spoofing vulnerability exists in the way MS Outlook iOS software parses specifically crafted email messages (Outlook iOS Spoofing)\nhttps://github.com/d0gukank/CVE-2019-1218", "creation_timestamp": "2024-10-08T20:48:11.000000Z"}, {"uuid": "23b55069-2b59-4e65-9bf9-00b146135901", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "96a56d59-7e1e-40bb-9542-1fc5cb8cc677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:18.000000Z"}, {"uuid": "4b16ab7a-ec00-4e6b-9392-263f4660d49d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971003", "content": "", "creation_timestamp": "2024-12-24T20:22:54.859424Z"}, {"uuid": "fc3fe053-677b-4d7d-b388-8594b379d61c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-1215", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:42.000000Z"}]}