CVE-2019-0666
published 2019-04-08CVE-2019-0666: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution…
PriorityP275high7.5CVSS 3.0
AVNACHPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
20.40%
97.2th percentile
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability exists in the VBScript engine's handling of objects in memory via Internet Explorer; monitor for suspicious IE-rendered VBScript execution that may corrupt memory and lead to arbitrary code execution ↗
- →Watch for ActiveX controls marked 'safe for initialization' embedded in Office documents or applications hosting the IE rendering engine as a delivery vector for exploitation ↗
- ·Exploit status is rated 'Exploitation More Likely' for both latest and older software releases, but no public exploit or active in-the-wild exploitation was confirmed at time of advisory publication ↗
- ·CVE-2019-0666 is a distinct vulnerability from the related VBScript engine RCE CVEs CVE-2019-0665, CVE-2019-0667, and CVE-2019-0772; detections should not be conflated across these CVEs ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat6.1MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install
vendor_msrc·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CWE-276 A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC files are created in a private subdirectory of the install location. This directory is typically mode 0700 that is owner (root) only access. However in some upgraded installations it will have other permissions such as 0755 because this was the default before Samba 4.8. Within this directory files are created with mode 0666 which is world-writable including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use th
Red Hat
samba: World writable files in Samba AD DC private/ dir
vendor_redhat·2019-04-09·CVSS 6.1
CVE-2019-3870 [MEDIUM] CWE-276 samba: World writable files in Samba AD DC private/ dir
samba: World writable files in Samba AD DC private/ dir
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a private subdirectory
Microsoft
Windows VBScript Engine Remote Code Execution Vulnerability
vendor_msrc·2019-03-12·CVSS 7.5
CVE-2019-0666 [HIGH] Windows VBScript Engine Remote Code Execution Vulnerability
Windows VBScript Engine Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is
GHSA
GHSA-wxq6-gr33-gq85: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2019-0665 [HIGH] CWE-787 GHSA-wxq6-gr33-gq85: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0666, CVE-2019-0667, CVE-2019-0772.
GHSA
GHSA-8gf9-x2m9-vchj: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2019-0666 [HIGH] CWE-787 GHSA-8gf9-x2m9-vchj: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
GHSA
GHSA-979f-qh32-f5vr: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2019-0772 [HIGH] CWE-787 GHSA-979f-qh32-f5vr: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.
GHSA
GHSA-6pcj-mwpq-gv78: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2019-0667 [HIGH] CWE-787 GHSA-6pcj-mwpq-gv78: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
VulnCheck
Microsoft Internet Explorer Out-of-bounds Write
vulncheck·2019·CVSS 7.5
CVE-2019-0666 [HIGH] Microsoft Internet Explorer Out-of-bounds Write
Microsoft Internet Explorer Out-of-bounds Write
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_April_edition_1_digest_pdf.pdf
VulnCheck
Microsoft Internet Explorer Out-of-bounds Write
vulncheck·2019·CVSS 7.5
CVE-2019-0667 [HIGH] Microsoft Internet Explorer Out-of-bounds Write
Microsoft Internet Explorer Out-of-bounds Write
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.niiconsulting.com/Security_Advisories/Security_Advisory_Digest_April_edition_1_digest_pdf.pdf
Suricata
GPL RPC STATD UDP monitor mon_name format string exploit attempt
suricata·2010-09-23
CVE-2000-0666 GPL RPC STATD UDP monitor mon_name format string exploit attempt
GPL RPC STATD UDP monitor mon_name format string exploit attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC STATD UDP monitor mon_name format string exploit attempt"; content:"|00 01 86 B8|"; depth:4; offset:12; content:"|00 00 00 02|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,100,0,relative; content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,1480; reference:cve,2000-0666; classtype:attempted-admin; sid:2101915; rev:10; metadata:created_at 2010_09_23, cve CVE_2000_0666, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Suricata
GPL RPC STATD UDP stat mon_name format string exploit attempt
suricata·2010-09-23
CVE-2000-0666 GPL RPC STATD UDP stat mon_name format string exploit attempt
GPL RPC STATD UDP stat mon_name format string exploit attempt
Rule: alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"GPL RPC STATD UDP stat mon_name format string exploit attempt"; content:"|00 01 86 B8|"; depth:4; offset:12; content:"|00 00 00 01|"; within:4; distance:4; byte_jump:4,4,relative,align; byte_jump:4,4,relative,align; byte_test:4,>,100,0,relative; content:"|00 00 00 00|"; depth:4; offset:4; reference:bugtraq,1480; reference:cve,2000-0666; classtype:attempted-admin; sid:2101913; rev:11; metadata:created_at 2010_09_23, cve CVE_2000_0666, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
No public exploits indexed.
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-12-201
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 03-12-201
Provide users with seamless, secure, reliable access to applications and data.
Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud.
Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems.
Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners.
Industry Report
Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE)
USE CASES
INDUSTRY & MARKET SOLUTIONS
PARTNERS
TECHNOLOGY PARTNERS
Resource Center
Events & Trainings
Security Research & Services
Tools
Community & Support
CXO REVOLUTIONARIES
Amplifying the voices of real-world digital and zero trust pioneers
Discover how it began and where it’s going
Meet o
Bugzilla
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
bugzilla·2019-03-14·CVSS 6.1
CVE-2019-3870 [MEDIUM] CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
CVE-2019-3870 samba: World writable files in Samba AD DC private/ dir
A vulnerability was found in Samba versions 4.9 and later. During the creation of a new Samba AD DC, files are created in a the private/ subdirectory of our install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory files are created with mode 0666, that is world-writable, including a sample krb5.conf and the list of DNS names and servicePrincipalName values to update.
Discussion:
Acknowledgments:
Name: Björn Baumbach (SerNet)
---
Statement:
This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux or
2019-04-08
Published
Exploited in the wild