CVE-2019-1038 — Out-of-bounds Write in Microsoft Internet Explorer 10

CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Edge +1 more

Timeline

PublishedJun 12

Latest updateMay 24

Description

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then i…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5microsoft/microsoft_edge1.0..0 — publication

▶CVEListV5microsoft/internet_explorer_101.0.0 — publication

▶CVEListV5microsoft/internet_explorer_111.0.0 — publication

▶NVDmicrosoft/internet_explorer10, 11+1

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rp8m-m7rj-h3f6: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vul↗2022-05-24

▶

CVEList

Microsoft Browser Memory Corruption Vulnerability↗2019-06-12

▶

📋Vendor Advisories

Microsoft

Microsoft Browser Memory Corruption Vulnerability↗2019-06-11

▶