CVE-2019-1367

HIGH KEV RANSOMWARE

Internet Explorer - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2019-1367 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including mandarenmanman.

AI-analyzed exploit summary This repository provides a detailed technical description of CVE-2019-1367, a memory corruption vulnerability in Internet Explorer's script engine that allows remote code execution. It includes affected versions, mitigation steps, and references to Microsoft's patch but lacks functional exploit code.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

Exploits (1)

nomisec WRITEUP 3 stars

by mandarenmanman · poc

https://github.com/mandarenmanman/CVE-2019-1367

View Code ZIP pw:eip

This repository provides a detailed technical description of CVE-2019-1367, a memory corruption vulnerability in Internet Explorer's script engine that allows remote code execution. It includes affected versions, mitigation steps, and references to Microsoft's patch but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Internet Explorer 9, 10, 11

No auth needed

Prerequisites: User interaction required to visit a malicious website

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1367

Scores

CVSS v3 7.5

EPSS 0.5273

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2019-09-23

InTheWild.io 2019-09-23

ENISA EUVD EUVD-2019-9924

Ransomware Use Confirmed

CWE

CWE-787

Status published

Products (3)

microsoft/internet_explorer 10

microsoft/internet_explorer 11

microsoft/internet_explorer 9

Published Sep 23, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026