CVE-2019-0752

HIGH KEV RANSOMWARE

Internet Explorer - Memory Corruption

Title source: llm

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.

Exploits (3)

exploitdb WORKING POC

by Simon Zuckerbraun · htmlremotewindows

https://www.exploit-db.com/exploits/46928

View Code ZIP pw:eip

nomisec WORKING POC 3 stars

by edxsh · client-side

https://github.com/edxsh/CVE-2019-0752

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/zwcreatephoton/cve-2019-0752

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/153078/Microsoft-Internet-Explorer-Windows-10-1809-17763.316-Memory-Corruption.html

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752

[Third Party Advisory, VDB Entry] https://www.zerodayinitiative.com/advisories/ZDI-19-359/

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0752

Scores

CVSS v3 7.5

EPSS 0.9176

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-02-15

VulnCheck KEV 2021-05-20

InTheWild.io 2022-02-15

ENISA EUVD EUVD-2019-1511

Ransomware Use Confirmed

CWE

CWE-843

Status published

Products (2)

microsoft/internet_explorer 11

microsoft/internet_explorer 10

Published Apr 09, 2019

KEV Added Feb 15, 2022

Tracked Since Feb 18, 2026