CVE-2019-1004Sensitive Cookie Without 'HttpOnly' Flag in Microsoft Internet Explorer 10

CWE-1004Sensitive Cookie Without 'HttpOnly' Flag5 documents5 sources
Severity
7.5HIGHNVD
EPSS
4.2%
top 11.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR 32-bit Systems+5 more
Timeline
PublishedJul 15
Latest updateDec 28

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages8 packages

CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1
CVEListV5microsoft/internet_explorer_10Windows Server 2012
CVEListV5microsoft/internet_explorer_1124 versions+23

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag2022-12-28
GHSA
GHSA-54xc-7vq3-j6g2: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin2022-05-24
CVEList
CVE-2019-1004: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin2019-07-15

📋Vendor Advisories

1
Microsoft
Scripting Engine Memory Corruption Vulnerability2019-07-09
CVE-2019-1004 — Microsoft vulnerability | cvebase