CVE-2019-0768

MEDIUM

IE - Auth Bypass

Title source: llm

Description

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldoswindows

https://www.exploit-db.com/exploits/46567

View Code ZIP pw:eip

nomisec WORKING POC 9 stars

by ruthlezs · poc

https://github.com/ruthlezs/ie11_vbscript_exploit

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768

Scores

CVSS v3 4.3

EPSS 0.7236

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE

CWE-20

Status published

Products (1)

microsoft/internet_explorer 11

Published Apr 09, 2019

Tracked Since Feb 18, 2026