CVE-2019-1081Sensitive Information Exposure in Microsoft Internet Explorer 10

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.2MEDIUMNVD
EPSS
1.1%
top 21.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Internet Explorer 10Microsoft Internet Explorer 11Microsoft Internet Explorer 9+2 more
Timeline
PublishedJun 12
Latest updateMay 24

Description

An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain special

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages5 packages

CVEListV5microsoft/microsoft_edge1.0..0publication
CVEListV5microsoft/internet_explorer_91.0.0publication
CVEListV5microsoft/internet_explorer_101.0.0publication
CVEListV5microsoft/internet_explorer_111.0.0publication

Patches

Patch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-w674-fx62-vvfq: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Informatio2022-05-24
CVEList
Microsoft Browser Information Disclosure Vulnerability2019-06-12

📋Vendor Advisories

1
Microsoft
Microsoft Browser Information Disclosure Vulnerability2019-06-11
CVE-2019-1081 — Sensitive Information Exposure | cvebase