CVE-2019-1429
CVE-2019-1429
In short
Internet Explorer's scripting engine can crash or run attacker's code when processing specially crafted web pages due to improper memory handling. This allows remote attackers to execute malicious code on your computer without additional user interaction beyond visiting the compromised page.
Technical detail
A use-after-free vulnerability (CWE-416) in Internet Explorer's JavaScript engine permits remote code execution when a crafted HTML/JavaScript payload is processed. The attack vector is network-based (visiting a malicious webpage), requiring no authentication or user privilege escalation; successful exploitation grants arbitrary code execution in the browser's security context.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows Server 2012Microsoft · Internet Explorer 9public PoCs found — 2
cve_referencepacketstormsecurity.com/files/155433/Microsoft-Internet-Explorer-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/47707unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →