{"vulnerability": "cve-2019-0841", "sightings": [{"uuid": "13289047-8f92-48f2-9c5c-79b86878ca72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:03.000000Z"}, {"uuid": "ad8e4f74-1777-4467-9c08-87eea8254766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "exploited", "source": "https://www.exploit-db.com/exploits/47128", "content": "", "creation_timestamp": "2019-07-16T00:00:00.000000Z"}, {"uuid": "77665e66-f9f1-4c25-9086-95ff495af896", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "MISP/a993f49f-3797-4077-8c76-879d75a4e908", "content": "", "creation_timestamp": "2024-11-14T06:09:57.000000Z"}, {"uuid": "3393c764-fe0c-4933-97e5-5398bf0db418", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971379", "content": "", "creation_timestamp": "2024-12-24T20:28:27.862933Z"}, {"uuid": "4751dd55-f6af-4447-b065-cbc733eb4616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:43.000000Z"}, {"uuid": "a787162e-7561-41ce-a134-ee0ec8129529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": 
"seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:10.000000Z"}, {"uuid": "80d72ae0-fc85-49d8-9822-234d134f2a87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:21.000000Z"}, {"uuid": "7c90e375-8898-41aa-a224-e7a6a504cdf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:00:48.000000Z"}, {"uuid": "4cae3e78-9f30-4d00-998a-a89ed193c432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/appxsvc_hard_link_privesc.rb", "content": "", "creation_timestamp": "2019-07-15T14:52:11.000000Z"}, {"uuid": "1525ceba-0f6e-43cb-a192-a64c7736e043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "https://gist.github.com/ryukk33/79a78fbc75ee9f3cf3a6fc1504681717", "content": "", "creation_timestamp": "2026-01-22T14:43:48.000000Z"}, {"uuid": "dcdff0e3-1fcb-44cf-ab1e-06c40c8b3d6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-0841", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/50426b7b-c26f-4856-b7f1-a705b31d2b9e", "content": "", "creation_timestamp": 
"2026-02-02T12:28:09.350381Z"}, {"uuid": "ac314d91-dce8-4f51-b291-bbfe06d88b3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/antichat/5002", "content": "https://rastamouse.me/2019/04/weaponizing-cve-2019-0841-with-laps", "creation_timestamp": "2019-05-19T08:26:35.000000Z"}, {"uuid": "e92c8130-29f4-4b98-ac93-7e8d00e74ce4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "exploited", "source": "https://t.me/antichat/5312", "content": "Hacker going by the name of SandboxEscaper today discloses a second zero-day exploit that apparently bypasses Microsoft's patch for a Windows EoP vulnerability (CVE-2019-0841)\n\nhttps://thehackernews.com/2019/06/windows-eop-exploit.html", "creation_timestamp": "2019-06-07T10:54:13.000000Z"}, {"uuid": "23786ea1-8eb4-4d66-9a0f-9f8816de4cc7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4378", "content": "DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)\nhttps://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/", "creation_timestamp": "2019-04-10T21:31:35.000000Z"}, {"uuid": "763a5d90-d892-4f90-b2cd-ac1db141415a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/5109", "content": "Two More Windows 10 Zero-Day PoC Exploits Released, Brings Total to 4\n\nAfter releasing exploit code for three zero-day vulnerabilities in Windows 10 over the past 48 hours, 
security researcher and exploit developer SandboxEscaper today has published two more, bypass for the\u00a0CVE-2019-0841 patch and LPE PoC exploit dubbed\u00a0InstallerBypass. [...]\n\nhttps://www.bleepingcomputer.com/news/security/two-more-windows-10-zero-day-poc-exploits-released-brings-total-to-4/", "creation_timestamp": "2019-05-23T17:09:30.000000Z"}, {"uuid": "e26be51e-785c-41e5-b1f1-e361812cd2b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/Pen7esting/174", "content": "https://unaaldia.hispasec.com/2019/06/filtrado-otro-zero-day-de-windows-para-cve-2019-0841.html", "creation_timestamp": "2019-06-10T19:01:15.000000Z"}, {"uuid": "a5d2fb69-4a31-495c-938d-bfb482227523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/41", "content": "PoC code for CVE-2019-0841 Privilege Escalation vulnerability\n\nhttps://github.com/rogue-kdc/CVE-2019-0841\n\n#exploit #windows #LPE", "creation_timestamp": "2019-04-10T08:15:27.000000Z"}, {"uuid": "d75a0e6a-80dd-4cb7-8e02-9f866bb266b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/40", "content": "DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)\n\nThis vulnerability allows low privileged users to hijack file that are owned by NT AUTHORITY\\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in \"Full Control\" permissions for the low privileged user. 
\n\nhttps://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/\n\n#privesc #windows", "creation_timestamp": "2019-04-10T08:14:06.000000Z"}, {"uuid": "e5a3c1ae-3dce-4aee-bcf3-4f9df29c57a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "https://t.me/ctinow/11720", "content": "Today's releases consists of two more zero-day local privilege escalation vulnerabilities. One is a bypass of Microsoft's patch for CVE-2019-0841 and the other is a new one titled", "creation_timestamp": "2019-05-23T19:16:31.000000Z"}, {"uuid": "49817f28-9d82-44d7-92e9-dc912a107c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/12346", "content": "RT @rogue_kdc: Now that SandboxEscaper found 2 bypasses for CVE-2019-0841 and released them as 0days both based on my public PoC. I wonder if these 0days wouldn't be public if I never disclosed the details. \ud83e\udd14 https://t.co/szdrY73T1L http://twitter.com/BleepinComputer/status/1137467169472700419", "creation_timestamp": "2019-06-08T23:13:13.000000Z"}, {"uuid": "6c013019-e6fd-4842-a4d5-381412d19e95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "exploited", "source": "https://t.me/information_security_channel/28272", "content": "An anonymous hacker SandboxEscaper came back and leaked another Windows zero-day vulnerability that exploits already patched (CVE-2019-0841) local privilege escalation vulnerability in Windows 10. This is a second zero-day that bypasses CVE-2019-0841, An elevation of privilege vulnerability exists when Windows AppX Deployment Service improperly handles hard links. 
and the vulnerability has been already patched by [\u2026]\nThe post Hacker Leaked New Windows 10 Zero-day Exploit Online To Bypass Already Patched Bug (https://gbhackers.com/hacker-leaked-new-zero-day-exploit-online-to-bypass-already-patched-bug/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-06-08T07:55:51.000000Z"}, {"uuid": "dd8420fe-a9f8-4294-95a6-ff6f9f1b8280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/thehackernews/333", "content": "Hacker going by the name of SandboxEscaper today discloses a second zero-day exploit that apparently bypasses Microsoft's patch for a Windows EoP vulnerability (CVE-2019-0841)\n\nhttps://thehackernews.com/2019/06/windows-eop-exploit.html", "creation_timestamp": "2019-06-07T12:52:57.000000Z"}, {"uuid": "51f8d775-144b-49ce-aa1f-aef1f2cb048c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/5390", "content": "DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)\nhttps://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/", "creation_timestamp": "2019-04-10T21:57:30.000000Z"}, {"uuid": "92ac0a47-85c4-4bee-8d27-de3dd63c3bbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/4699", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u041d\u0430\u0431\u0438\u043b 
\u0410\u0445\u043c\u0435\u0434 (Nabeel Ahmed) \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b \u0434\u0435\u043c\u043e\u043d\u0441\u0442\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (CVE-2019-0841) \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0432 Windows, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u043e\u0439 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u043e\u0439 \u0436\u0435\u0441\u0442\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c AppX Deployment Service (AppXSVC), \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u043c \u0434\u043b\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 Windows Apps, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u0438 \u0434\u0435\u0438\u043d\u0441\u0442\u0430\u043b\u043b\u044f\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439.    \n\u0412 \u0421\u0435\u0442\u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d PoC-\u043a\u043e\u0434 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Windows", "creation_timestamp": "2019-04-11T11:01:54.000000Z"}, {"uuid": "d15f6350-740d-4e19-b98e-e24c8df43395", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/284", "content": "#Red_Team_Tactics\n1. 
Exploiting CVE-2019-1040 - Combining relay vulnerabilities for RCE and Domain Admin\nhttps://blog.preempt.com/drop-the-mic\n2. Coding a reliable CVE-2019-0841 bypass\nhttps://0x00-0x00.github.io/research/2019/05/30/Coding-a-reliable-CVE-2019-0841-Bypass.html", "creation_timestamp": "2023-10-26T20:37:33.000000Z"}, {"uuid": "0150cb9c-0412-4289-bfe9-b825d487df85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/306", "content": "#exploit\n1. CVE-2019-0841:\nEoP vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links\nhttps://github.com/rogue-kdc/CVE-2019-0841\nhttps://github.com/0x00-0x00/CVE-2019-0841-BYPASS \n\n2. CVE-2019-0859:\nEoP vulnerability in Windows when the Win32k component fails to properly handle objects in memory\nhttps://github.com/Sheisback/CVE-2019-0859-1day-Exploit", "creation_timestamp": "2024-07-17T10:19:24.000000Z"}, {"uuid": "11c3d525-d9dd-4fd2-a9fd-ee62483f4627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "Telegram/etpTle02KZu4bwjSBmFNPkggU6Oy9UDinLPkfdjV0it7V-8", "content": "", "creation_timestamp": "2022-06-27T04:16:42.000000Z"}, {"uuid": "30cefcd1-bc02-4f78-84ec-1ccc92afffdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0841", "type": "seen", "source": "https://t.me/cibsecurity/4756", "content": "\u274c SandboxEscaper Debuts ByeBear Windows Patch Bypass \u274c\n\nSandboxEscaper is back, with a second bypass for the recent CVE-2019-0841 Windows patch.\n\n\ud83d\udcd6 Read\n\nvia \"Threatpost\".", "creation_timestamp": "2019-06-07T17:33:07.000000Z"}]}