An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.
A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.
A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Tue, 20 May 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by correcting the input sanitization error to preclude unintended elevation. |
Title | Windows Installer Elevation of Privilege Vulnerability | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: microsoft
Published:
Updated: 2025-05-20T17:49:36.023Z
Reserved: 2018-11-26T00:00:00
Link: CVE-2019-0973

No data.

Status : Modified
Published: 2019-06-12T14:29:01.947
Modified: 2025-05-20T18:15:32.153
Link: CVE-2019-0973

No data.

No data.