CVE-2019-0666 — Out-of-bounds Write in Microsoft Internet Explorer 10
Severity
7.5HIGHNVD
EPSS
8.0%
top 7.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 8
Latest updateMay 13
Description
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages4 packages
▶CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8gf9-x2m9-vchj: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E↗2022-05-13
CVEList▶
CVE-2019-0666: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E↗2019-04-08
📋Vendor Advisories
3Microsoft▶
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install↗2019-04-09