← back
CVE-2019-0676

CVE-2019-0676

CVSS 6.5 MEDIUMEPSS 7.5%● KEV
In short

Internet Explorer has a flaw that lets attackers discover which files exist on your computer by exploiting how the browser handles data in memory. This puts your privacy at risk by revealing what's stored on your system.

Technical detail

An information disclosure vulnerability in Internet Explorer's memory object handling allows an attacker to enumerate file presence on the victim's disk through specially crafted content. The attack requires user interaction (visiting a malicious webpage) and results in disclosure of filesystem information that should remain private.

Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676http://www.securityfocus.com/bid/106886