CVE-2019-1367
CVE-2019-1367
Vexday Risk Score
83Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5EPSS 52.7%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
23 Sep 2019Published on NVD
24 Sep 2019Public PoC
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Internet Explorer's scripting engine improperly handles objects in memory, allowing attackers to run malicious code remotely on vulnerable computers. This is a critical flaw because it can be exploited through a simple website visit.
Technical detail
A memory corruption vulnerability in Internet Explorer's scripting engine allows remote code execution when processing specially crafted objects. The attack vector is network-based (malicious webpage), requiring user interaction (website visit), and impacts confidentiality, integrity, and availability of the affected system.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows Server 2012Microsoft · Internet Explorer 9public PoCs found — 1
githubgithub.com/mandarenmanman/CVE-2019-1367★ 3⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →