cbcvebase.
CVE-2019-0768
published 2019-04-09

CVE-2019-0768: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions…

Priority P344 · medium · 4.3 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:R / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 48.50% (98.7th percentile)
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Affected

22 ranges

Vendor | Product | Version range | Fixed in
microsoft | internet_explorer
microsoft | internet_explorer
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
microsoft | internet_explorer_11
msrc | internet_explorer_11_on_windows_10_version_1709_for_32-bit_systems
msrc | internet_explorer_11_on_windows_10_version_1709_for_arm64-based_systems
msrc | internet_explorer_11_on_windows_10_version_1709_for_x64-based_systems
msrc | internet_explorer_11_on_windows_10_version_1803_for_32-bit_systems
msrc | internet_explorer_11_on_windows_10_version_1803_for_arm64-based_systems
msrc | internet_explorer_11_on_windows_10_version_1803_for_x64-based_systems
msrc | internet_explorer_11_on_windows_10_version_1809_for_32-bit_systems
msrc | internet_explorer_11_on_windows_10_version_1809_for_arm64-based_systems
msrc | internet_explorer_11_on_windows_10_version_1809_for_x64-based_systems
msrc | internet_explorer_11_on_windows_server_2019

Detection & IOCs (extracted from sources)

  • CVE-2019-0768 is a VBScript execution policy bypass in Internet Explorer MSHTML; detect attempts to embed or execute VBScript content in IE contexts where it should be restricted, particularly in web-based attack scenarios hosting specially crafted content.
  • Monitor for Internet Explorer processes executing VBScript (e.g., via MSHTML) in contexts where VBScript should be blocked by policy; alert on unexpected VBScript execution originating from embedded or user-provided web content.
  • A public proof-of-concept exploit exists for this vulnerability (Exploit-DB 46567) targeting Internet Explorer 11 VBScript execution policy bypass in MSHTML; monitor for exploitation attempts matching this PoC pattern.
  • The vulnerability is rated 'Exploitation More Likely' for both latest and older software releases per Microsoft, meaning active exploitation attempts should be anticipated even though it was not publicly exploited at time of disclosure.
  • The bypass requires a web-based attack scenario; the attacker must host or compromise a website to deliver the specially crafted VBScript content to a victim browsing with Internet Explorer.

CVSS provenance

nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_msrc | 4.3 | MEDIUM