CVE-2019-1367
CVE-2019-1367
In short
Internet Explorer's scripting engine improperly handles objects in memory, allowing attackers to run malicious code remotely on vulnerable computers. This is a critical flaw because it can be exploited through a simple website visit.
Technical detail
A memory corruption vulnerability in Internet Explorer's scripting engine allows remote code execution when processing specially crafted objects. The attack vector is network-based (malicious webpage), requiring user interaction (website visit), and impacts confidentiality, integrity, and availability of the affected system.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows Server 2012Microsoft · Internet Explorer 9public PoCs found — 1
githubgithub.com/mandarenmanman/CVE-2019-1367★ 3⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →