CVE-2019-0541

HIGH KEV

Internet Explorer - Remote Code Execution via MSHTML Engine Input Validation

Title source: llm

Exploitation Summary

CVE-2019-0541 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Eduardo Braun Prado.

AI-analyzed exploit summary The provided content lacks actual exploit code and instead directs users to external downloads (OneDrive, GitLab) for the PoC. It includes vague descriptions of the vulnerability without technical depth, which is characteristic of social engineering lures.

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

Exploits (1)

exploitdb SUSPICIOUS

by Eduardo Braun Prado · textlocalwindows

https://www.exploit-db.com/exploits/46536

View Code ZIP pw:eip

The provided content lacks actual exploit code and instead directs users to external downloads (OneDrive, GitLab) for the PoC. It includes vague descriptions of the vulnerability without technical depth, which is characteristic of social engineering lures.

Classification

Suspicious 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Windows MSHTML Engine (Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2, 8.0, 8.1, 10)

No auth needed

Prerequisites: User interaction to open a crafted HTML document · Access to a vulnerable system via browser or Office component

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46536/

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/106402

Scores

CVSS v3 8.8

EPSS 0.5320

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-1313

CWE

CWE-77

Status published

Products (10)

microsoft/excel_viewer 2007 sp3

microsoft/internet_explorer 11

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/office 2010 sp2

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office 2016

microsoft/office 2019

microsoft/office_365_proplus

microsoft/office_word_viewer

Published Jan 08, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026