Windows Text Service Framework Elevation of Privilege Vulnerability - CVE-2019-1235ID: oval:org.secpod.oval:def:58451 | Date: (C)2019-09-11 (M)2024-03-06 |
Class: VULNERABILITY | Family: windows |
An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses this vulnerability by correcting how the TSF server and client validate input from each other.
Platform: |
Microsoft Windows Server |
Microsoft Windows 10 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |