CVE-2019-0541

HIGH KEV

Microsoft Internet Explorer - Command Injection

Title source: rule

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

Exploits (1)

exploitdb SUSPICIOUS

by Eduardo Braun Prado · textlocalwindows

https://www.exploit-db.com/exploits/46536

View Code ZIP pw:eip

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/106402

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/46536/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541

Scores

CVSS v3 8.8

EPSS 0.8339

EPSS Percentile 99.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-11-03

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-1313

CWE

CWE-77

Status published

Products (10)

microsoft/excel_viewer 2007 sp3

microsoft/internet_explorer 11

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/office 2010 sp2

microsoft/office 2013 sp1 (2 CPE variants)

microsoft/office 2016

microsoft/office 2019

microsoft/office_365_proplus

microsoft/office_word_viewer

Published Jan 08, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026