Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0667Out-of-bounds Write in Microsoft Internet Explorer 10

CWE-787Out-of-bounds Write6 documents6 sources
Severity
7.5HIGHNVD
EPSS
44.5%
top 2.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9+1 more
Timeline
PublishedApr 8
Latest updateMay 13

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2
CVEListV5microsoft/internet_explorer_10Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems+2
CVEListV5microsoft/internet_explorer_11Windows Server 2008 for x64-based Systems Service Pack 2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
GHSA-6pcj-mwpq-gv78: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E2022-05-13
CVEList
CVE-2019-0667: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code E2019-04-08
VulnCheck
Microsoft Internet Explorer Out-of-bounds Write2019

💥Exploits & PoCs

1
Exploit-DB
Microsoft VBScript - VbsErase Memory Corruption2019-03-19

📋Vendor Advisories

1
Microsoft
Windows VBScript Engine Remote Code Execution Vulnerability2019-03-12
CVE-2019-0667 — Out-of-bounds Write in Microsoft | cvebase