ByteOS Network

NVD Vulnerability Details :

CVE-2019-0948

Modified

Source-secure@microsoft.com

Published At-12 Jun, 2019 | 14:29

Updated At-20 May, 2025 | 18:15

An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file. The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Hyperlink	Source	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2019-0948	secure@microsoft.com	N/A
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0948	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-641/	af854a3a-2127-422b-91ae-364da2661108	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History