CVE-2018-19113

Name: CVE-2018-19113
Creator: NVD / NIST
Published: 2019-04-01T21:29:28.747+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.85%

Last modified Jun 17, 2026

CVE-2018-19113 is a vulnerability of currently unknown severity. The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.. EPSS estimates a 0.85% chance of exploitation in the next 30 days.

Description

The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.

Metrics

EPSS Probability

0.85%

53.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-732

Affected Software

Vendor	Product	Versions
Pronestor	Pronestor Health Monitoring	< 8.1.12.0

References

http://packetstormsecurity.com/files/153275/Pronestor-Health-Monitoring-Privilege-Escalation.html
https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28Exploit, Third Party Advisory
https://www.pronestor.comProduct, Vendor Advisory
http://packetstormsecurity.com/files/153275/Pronestor-Health-Monitoring-Privilege-Escalation.html
https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28Exploit, Third Party Advisory
https://www.pronestor.comProduct, Vendor Advisory

Timeline

Published: Apr 1, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-19113?

How severe is CVE-2018-19113?

Severity scoring for CVE-2018-19113 is pending analysis. The EPSS model estimates a 0.85% probability of exploitation in the next 30 days.

How do I fix CVE-2018-19113?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-19113?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST