⚠ Actively exploited in ransomware campaigns

This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-05-03.

CVE-2019-1367

CWE-787 — Out-of-bounds Write16 documents10 sources

Severity

7.5HIGH

EPSS

89.2%

top 0.46%

CISA KEV

KEVRansomware

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR 32-bit Systems +5 more

Timeline

PublishedSep 23

KEV addedNov 3

KEV dueMay 3

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages8 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

▶CVEListV5microsoft/internet_explorer_10Windows Server 2012

▶CVEListV5microsoft/internet_explorer_1123 versions+22

▶CVEListV5microsoft/internet_explorer_11_on_windows_server_2012unspecified

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5786-v8v7-87fq: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin↗2022-05-24

▶

Project0

Déjà vu-lnerability - Project Zero↗2021-02-01

▶

Project0

Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero↗2020-07-01

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

CVEList

CVE-2019-1367: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin↗2019-09-23

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability↗2021-11-03

▶

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2019-09-10

▶

🕵️Threat Intelligence

Qualys

Microsoft Released Out-of-Band Security Updates – How to Detect and Remediate↗2019-09-24

▶

Qualys

Microsoft Released Out-of-Band Security Updates - How to Detect and Remediate | Qualys↗2019-09-24

▶

External resources

NVD MITRE CISA KEV

Affected products8

Microsoft Internet Explorerv10v11v9

Microsoft Internet Explorer 10vWindows Server 2012

Microsoft Internet Explorer 11vWindows 10 Version 1607 for 32-bit SystemsvWindows 10 Version 1607 for x64-based SystemsvWindows 10 Version 1703 for 32-bit Systems+20 more

Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR 32-bit Systemsvunspecified

Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR Arm64-based Systemsvunspecified

Microsoft Internet Explorer 11 ON Windows 10 Version 1903 FOR X64-based Systemsvunspecified

Microsoft Internet Explorer 11 ON Windows Server 2012vunspecified

Microsoft Internet Explorer 9vWindows Server 2008 for 32-bit Systems Service Pack 2vWindows Server 2008 for x64-based Systems Service Pack 2

Disclosure

PublishedSep 23, 2019

KEV addedNov 3, 2021

KEV dueMay 3, 2022

Latest updateMay 24, 2022