← back
CVE-2019-0676

CVE-2019-0676

CVSS 6.5 MEDIUMEPSS 7.5%● KEV
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 6.5EPSS 7.5%KEV simPoC Nuclei Metasploit Patch
Lifecycle
06 Mar 2019Published on NVD
23 May 2022Active exploitation (CISA KEV)
Recommendation: Plan a near-term fix — a public PoC already exists.
In short

Internet Explorer has a flaw that lets attackers discover which files exist on your computer by exploiting how the browser handles data in memory. This puts your privacy at risk by revealing what's stored on your system.

Technical detail

An information disclosure vulnerability in Internet Explorer's memory object handling allows an attacker to enumerate file presence on the victim's disk through specially crafted content. The attack requires user interaction (visiting a malicious webpage) and results in disclosure of filesystem information that should remain private.

Summary generated and translated by AI from the official description.
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N