Vulnerability Details CVE-2019-1429
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.831
EPSS Ranking 99.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.6
Proposed Action
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/155433/Microsoft-Internet-Explorer-Use-After-Free.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429
- http://packetstormsecurity.com/files/155433/Microsoft-Internet-Explorer-Use-After-Free.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429
Products affected by CVE-2019-1429
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_10_1709:-
-
cpe:2.3:o:microsoft:windows_10_1803:-
-
cpe:2.3:o:microsoft:windows_10_1809:-
-
cpe:2.3:o:microsoft:windows_10_1903:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-