CVE-2019-0667

HIGH EXPLOITED

Internet Explorer - Remote Code Execution via VBScript Engine Memory Handling

Title source: llm

Exploitation Summary

CVE-2019-0667 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Google Security Research.

AI-analyzed exploit summary This exploit leverages a use-after-free vulnerability in the VBScript `VbsErase` function, allowing an attacker to manipulate memory by crafting a variable with an attacker-controlled pointer. The PoC triggers an access violation by dereferencing an arbitrary address (0x13371337), demonstrating the vulnerability.

Description

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/46568

View Code ZIP pw:eip

This exploit leverages a use-after-free vulnerability in the VBScript `VbsErase` function, allowing an attacker to manipulate memory by crafting a variable with an attacker-controlled pointer. The PoC triggers an access violation by dereferencing an arbitrary address (0x13371337), demonstrating the vulnerability.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows VBScript Engine (Windows 10 64-bit v1809 and likely others)

No auth needed

Prerequisites: Target must execute the malicious VBScript code, typically via Internet Explorer or another VBScript-hosting application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0667

Scores

CVSS v3 7.5

EPSS 0.4448

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2019-04-01

CWE

CWE-787

Status published

Products (3)

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Apr 08, 2019

Tracked Since Feb 18, 2026