CVE-2019-0920

CWE-787Out-of-bounds WriteCWE-8434 documents4 sources
Severity
4.3MEDIUM
EPSS
5.9%
top 9.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9+1 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5microsoft/internet_explorer_91.0.0publication
CVEListV5microsoft/internet_explorer_101.0.0publication
CVEListV5microsoft/internet_explorer_111.0.0publication

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-89w6-488r-35fr: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Me2022-05-24
CVEList
Scripting Engine Memory Corruption Vulnerability2019-06-12

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-06-11
CVE-2019-0920 (MEDIUM CVSS 4.3) | A remote code execution vulnerabili | cvebase.io