cbcvebase.
CVE-2019-0606
published 2019-03-05

CVE-2019-0606: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption…

PriorityP277high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
11.11%
95.4th percentile
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
msrcinternet_explorer_11

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered when Internet Explorer improperly accesses objects in memory via a specially crafted website; monitor for IE process spawning unexpected child processes or executing arbitrary code in user context
  • Attack vector is web-based; attacker hosts or compromises a website to serve malicious content to IE users — monitor for IE navigating to unusual or newly-registered domains, especially following email/IM lure activity
  • Initial delivery vector is commonly email or instant message lure, or malicious email attachment — correlate IE exploitation events with prior email/IM activity or attachment opens
  • ·Exploit status at time of advisory was 'Exploitation More Likely' for latest software release but marked as not yet publicly disclosed or actively exploited — detection priority should be elevated given Microsoft's own likelihood rating
  • ·The vulnerability affects Internet Explorer specifically; scope is limited to IE-based browsing contexts — non-IE browsers are not affected
  • ·If the exploited user has administrative rights, full system compromise is possible including program installation and account creation — prioritize detection on privileged user sessions running IE

CVSS provenance

nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.