Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-0768 — Improper Input Validation in Microsoft Internet Explorer 11

CWE-20 — Improper Input Validation5 documents5 sources

Severity

4.3MEDIUMNVD

CNA6.5

EPSS

72.4%

top 1.24%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Explorer 11 Microsoft Internet Explorer

Timeline

PublishedApr 9

Latest updateMay 13

Description

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer11

▶CVEListV5microsoft/internet_explorer_1110 versions+9

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-x6pv-8jh5-cv2g: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific con↗2022-05-13

▶

CVEList

CVE-2019-0768: A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific con↗2019-04-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML↗2019-03-19

▶

📋Vendor Advisories

Microsoft

Internet Explorer Security Feature Bypass Vulnerability↗2019-03-12

▶