{"vulnerability": "cve-2019-0797", "sightings": [{"uuid": "55bfae17-f546-4842-830c-b44a79959945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:18.000000Z"}, {"uuid": "07c6f8ae-4e89-4649-a5ce-9ae8f85f8c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "c27f9340-859b-442d-9625-778e169b0f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971005", "content": "", "creation_timestamp": "2024-12-24T20:22:56.486723Z"}, {"uuid": "ae0bad2c-a858-47e3-a04f-bbafde1788cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:41.000000Z"}, {"uuid": "32dca07b-6c08-4e0a-bfb9-49c7c9084e46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "exploited", "source": "https://t.me/CyberGovIL/381", "content": "On March 12, Microsoft released about 64 security updates for vulnerabilities 
in supported software, 17 of which are classified as critical.\n\nTwo vulnerabilities (CVE-2019-0808 and CVE-2019-0797) in win32k are known to be actively exploited in attacks and may allow an attacker to elevate privileges and run code at the kernel level.\n\nFour vulnerabilities were published before the updates were released. The most severe vulnerabilities may allow attackers to execute code remotely (RCE).\n\nOne of the vulnerabilities (CVE-2019-0697) is in the DHCP client component, and allows an attacker to run code on the attacked workstation by sending specific DHCP responses.", "creation_timestamp": "2019-03-13T10:23:16.000000Z"}, {"uuid": "7059144d-9842-4f09-8cf1-5b73eaf9f135", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=371", "content": "", "creation_timestamp": "2019-03-13T04:00:00.000000Z"}, {"uuid": "68ca7fee-a85d-48f0-a0b7-c9fa95a40a6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-0797", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/5a8bc05a-db8d-4c1f-a6ef-c03f05667090", "content": "", "creation_timestamp": "2026-02-02T12:28:53.178814Z"}, {"uuid": "f9f9745a-35e6-43c3-80ab-28ba49f33546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "exploited", "source": "https://t.me/ctinow/9137", "content": "Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.  
https://threatpost.com/sandcat-fruityarmor-exploiting-microsoft-win32k/142751/", "creation_timestamp": "2019-03-13T15:24:14.000000Z"}, {"uuid": "9c28dbd0-8bc1-45b1-a254-762460924443", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "seen", "source": "https://t.me/ctinow/9125", "content": "The fourth horseman: CVE-2019-0797 vulnerability\n\nhttps://ift.tt/2JjKXBo", "creation_timestamp": "2019-03-13T11:06:25.000000Z"}, {"uuid": "a7d28704-a20e-4c05-9b93-21eca364e638", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "exploited", "source": "https://t.me/information_security_channel/25548", "content": "Cyber criminals started exploiting the Microsoft windows os using recently discovered win32k zero day vulnerability that was patched by Microsoft recently. A zero-day vulnerability that resides in the win32k.sys allows attackers to exploit 64-bit operating systems in the range from Windows 8 to Windows 10. 
This vulnerability ( CVE-2019-0797) was initially discovered by the kaspersky [\u2026]\nThe post APT Hackers Group Exploiting the Window OS Using New Zero day Vulnerability (https://gbhackers.com/exploiting-new-zero-day-vulnerability/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-03-15T04:44:01.000000Z"}, {"uuid": "41d01c82-9044-428b-be1a-4615a8cac2bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0797", "type": "exploited", "source": "https://t.me/cibsecurity/3084", "content": "\u274c Threat Groups SandCat, FruityArmor Exploiting Microsoft Win32k Flaw \u274c\n\nNewly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.\n\n\ud83d\udcd6 Read\n\nvia \"Threatpost\".", "creation_timestamp": "2019-03-13T15:20:45.000000Z"}]}