CVE-2019-1367

HIGH KEV RANSOMWARE

Internet Explorer - Memory Corruption

Title source: llm

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

Exploits (1)

nomisec WRITEUP 3 stars

by mandarenmanman · poc

https://github.com/mandarenmanman/CVE-2019-1367

View Code ZIP pw:eip

References (2)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1367

Scores

CVSS v3 7.5

EPSS 0.8935

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2019-09-23

InTheWild.io 2019-09-23

ENISA EUVD EUVD-2019-9924

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (3)

microsoft/internet_explorer 10

microsoft/internet_explorer 11

microsoft/internet_explorer 9

Published Sep 23, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026