What is CVE-2019-0785?

CVE-2019-0785 is a vulnerability in Microsoft Windows Server. Published 2019-07-15.

Is CVE-2019-0785 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Windows Server

CVE-2019-0785

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.

EPSS: 0.515 (97.9th percentile) — read the EPSS interpretation.

Affected products

Microsoft Windows Server — versions 2012, 2012 (Core installation), 2012 R2
Microsoft Windows Server, Version 1903 (Server Core Installation) — versions unspecified

Public proof-of-concept exploits

Jaky5155/CVE-2019-0785
0xT11/CVE-POC
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub
nomi-sec/PoC-in-GitHub

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0785 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-0785?: CVE-2019-0785 is a vulnerability in Microsoft Windows Server. Published 2019-07-15.
Is CVE-2019-0785 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.