Exploitation Summary
CVE-2019-0676 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 23, 2022.
Description
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
References (3)
Core 3
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106886
Scores
CVSS v3
6.5
EPSS
0.2382
EPSS Percentile
96.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2022-05-23
VulnCheck KEV
2019-02-12
InTheWild.io
2019-02-12
ENISA EUVD
EUVD-2019-1436
Status
published
Products (2)
microsoft/internet_explorer
10
microsoft/internet_explorer
11
Published
Mar 05, 2019
KEV Added
May 23, 2022
Tracked Since
Feb 18, 2026