CVE-2019-1001

CWE-787Out-of-bounds Write4 documents4 sources
Severity
7.5HIGH
EPSS
4.0%
top 11.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Microsoft ChakracoreMicrosoft Internet Explorer 10Microsoft Internet Explorer 11+10 more
Timeline
PublishedJul 15
Latest updateMay 24

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages14 packages

NVDmicrosoft/chakracore< 1.11.11
CVEListV5microsoft/chakracoreunspecified
CVEListV5microsoft/microsoft_edge17 versions+16
CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-wgvv-wf8j-64x6: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Me2022-05-24
CVEList
CVE-2019-1001: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Me2019-07-15

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-07-09
CVE-2019-1001 (HIGH CVSS 7.5) | A remote code execution vulnerabili | cvebase.io