CVE-2019-0676
CVE-2019-0676
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.5EPSS 7.5%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
06 Mar 2019Published on NVD
23 May 2022Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short
Internet Explorer has a flaw that lets attackers discover which files exist on your computer by exploiting how the browser handles data in memory. This puts your privacy at risk by revealing what's stored on your system.
Technical detail
An information disclosure vulnerability in Internet Explorer's memory object handling allows an attacker to enumerate file presence on the victim's disk through specially crafted content. The attack requires user interaction (visiting a malicious webpage) and results in disclosure of filesystem information that should remain private.
Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N