⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2019-0541

CWE-77 — Command Injection7 documents7 sources

Severity

8.8HIGH

EPSS

83.4%

top 0.72%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 +6 more

Timeline

PublishedJan 8

KEV addedNov 3

KEV dueMay 3

Latest updateMay 13

CISA Required Action: Apply updates per vendor instructions.

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages10 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

▶CVEListV5microsoft/internet_explorer_10Windows Server 2012

▶CVEListV5microsoft/internet_explorer_1124 versions+23

▶CVEListV5microsoft/microsoft_office_word_viewerMicrosoft Office Word Viewer

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-f832-7fhg-m78h: A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vu↗2022-05-13

▶

CVEList

CVE-2019-0541: A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vu↗2019-01-08

▶

VulnCheck

Microsoft MSHTML Remote Code Execution Vulnerability↗2019

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution↗2019-03-13

▶

📋Vendor Advisories

CISA

Microsoft MSHTML Remote Code Execution Vulnerability↗2021-11-03

▶

Microsoft

MSHTML Engine Remote Code Execution Vulnerability↗2019-01-08

▶

External resources

NVD MITRE CISA KEV

Affected products9

Microsoft Excel Viewerv2007

Microsoft Internet Explorerv10v11v9

Microsoft Internet Explorer 10vWindows Server 2012

Microsoft Internet Explorer 11vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows 10 Version 1703 for 32-bit Systems+21 more

Microsoft Internet Explorer 9vWindows Server 2008 for 32-bit Systems Service Pack 2vWindows Server 2008 for x64-based Systems Service Pack 2

Microsoft Microsoft Excel Viewerv2007 Service Pack 3

Microsoft Microsoft Officev2010 Service Pack 2 (32-bit editions)v2010 Service Pack 2 (64-bit editions)v2013 RT Service Pack 1+6 more

Microsoft Microsoft Office Word ViewervMicrosoft Office Word Viewer

Microsoft Officev365 ProPlus for 32-bit Systemsv365 ProPlus for 64-bit Systemsv2010+3 more

Disclosure

PublishedJan 8, 2019

KEV addedNov 3, 2021

KEV dueMay 3, 2022

Latest updateMay 13, 2022