⚠ Actively exploited
Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..

CVE-2019-0676Sensitive Information Exposure in Microsoft Internet Explorer 10

8 documents8 sources
Severity
6.5MEDIUMNVD
EPSS
23.8%
top 3.97%
CISA KEV
KEV
Added 2022-05-23
Due 2022-06-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer
Timeline
PublishedMar 5
KEV addedMay 23
KEV dueJun 13
CISA Required Action: Apply updates per vendor instructions.

Description

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1124 versions+23

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

4
GHSA
GHSA-49rq-p3m9-2cqc: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory2022-05-13
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero2020-07-01
CVEList
CVE-2019-0676: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory2019-03-06
VulnCheck
Microsoft Internet Explorer Information Disclosure Vulnerability2019

📋Vendor Advisories

2
CISA
Microsoft Internet Explorer Information Disclosure Vulnerability2022-05-23
Microsoft
Internet Explorer Information Disclosure Vulnerability2019-02-12

🕵️Threat Intelligence

1
Krebs
Patch Tuesday, February 2019 Edition2019-02-12
CVE-2019-0676 — Sensitive Information Exposure | cvebase