CVE-2019-0761Incorrect Authorization in Microsoft Internet Explorer 10

CWE-863Incorrect Authorization4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
8.3%
top 7.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer
Timeline
PublishedApr 9
Latest updateMay 13

Description

A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1124 versions+23

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-cw79-cv57-4v8x: A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka '2022-05-13
CVEList
CVE-2019-0761: A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka '2019-04-09

📋Vendor Advisories

1
Microsoft
Internet Explorer Security Feature Bypass Vulnerability2019-03-12
CVE-2019-0761 — Incorrect Authorization in Microsoft | cvebase