CVE-2019-0768
Published 2019-04-09
Priority P3 · 44 · medium · 4.3 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 48.50% (98.7th percentile)
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1709_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1709_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1709_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1803_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_arm64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | internet_explorer_11_on_windows_server_2019 | — | — |
Detection & IOCs (extracted from sources)
- CVE-2019-0768 is a VBScript execution policy bypass in Internet Explorer MSHTML; detect attempts to embed or execute VBScript content in IE contexts where it should be restricted, particularly in web-based attack scenarios hosting specially crafted content.
- Monitor for Internet Explorer processes executing VBScript (e.g., via MSHTML) in contexts where VBScript should be blocked by policy; alert on unexpected VBScript execution originating from embedded or user-provided web content.
- A public proof-of-concept exploit exists for this vulnerability (Exploit-DB 46567) targeting Internet Explorer 11 VBScript execution policy bypass in MSHTML; monitor for exploitation attempts matching this PoC pattern.
- The vulnerability is rated 'Exploitation More Likely' for both latest and older software releases per Microsoft, meaning active exploitation attempts should be anticipated even though it was not publicly exploited at time of disclosure.
- The bypass requires a web-based attack scenario; the attacker must host or compromise a website to deliver the specially crafted VBScript content to a victim browsing with Internet Explorer.
CVSS provenance
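| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_msrc | — | 4.3 | MEDIUM | — |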
GHSA
GHSA-x6pv-8jh5-cv2g: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific con
ghsa_unreviewed·2022-05-13·CVSS 6.5
CVE-2019-0768 [MEDIUM] CWE-20 GHSA-x6pv-8jh5-cv2g: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific con
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
GHSA
GHSA-cw79-cv57-4v8x: A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka '
ghsa_unreviewed·2022-05-13·CVSS 4.3
CVE-2019-0761 [MEDIUM] CWE-863 GHSA-cw79-cv57-4v8x: A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka '
A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.
Microsoft
Internet Explorer Security Feature Bypass Vulnerability
vendor_msrc·2019-03-12·CVSS 4.3
CVE-2019-0768 [MEDIUM] Internet Explorer Security Feature Bypass Vulnerability
Description: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.
In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.
The update addresses the vulnerability by fixing how the Internet Explorer VBScript execution policy validat
No detection rules found.
Trendmicro
Write-What-Where in Internet Explorer Exploitation
blogs_trendmicro·2019-05-21·CVSS 7.5
CVE-2019-0752 [HIGH] Write-What-Where in Internet Explorer Exploitation
# RCE Without Native Code: Exploitation of a Write-What-Where in Internet Explorer
Learn about a Write-What-Where in Internet Explorer exploitation.
By: Simon Zuckerbraun
2019/05/21
On the last day of 2018, I discovered a type confusion vulnerability in Internet Explorer that yields a clean write-what-where primitive. It patched this April as CVE-2019-0752. As an exercise, I wrote a full exploit for this vulnerability using an original exploitation technique. Even though the vulnerability itself produces only a controlled write and cannot be triggered to produce an info leak, nevertheless there is a direct and highly reliable path to code execution. Furthermore, the exploit uses no shellcode. In this article, please join me for a tour of the details o
Zscaler
Zscaler found Multiple Security Vulnerabilities | 03-12-201
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 03-12-201