CVE-2019-0768

EPSS 48.5%

Vexday Risk Score

35Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 48.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

19 Mar 2019Public PoC

09 Apr 2019Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Affected products

Microsoft · Internet Explorer 11

public PoCs found — 2

githubgithub.com/ruthlezs/ie11_vbscript_exploit★ 9 exploitdbwww.exploit-db.com/exploits/46567unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768