CVE-2019-1429

HIGH KEV

Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption

Title source: llm

Exploitation Summary

CVE-2019-1429 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Google Security Research.

AI-analyzed exploit summary This PoC exploits a use-after-free vulnerability in JScript (via Internet Explorer) by manipulating the 'arguments' object during a 'toJSON' callback, leading to a crash. The exploit demonstrates the vulnerability by forcing garbage collection while retaining a reference to a freed object.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/47707

View Code ZIP pw:eip

This PoC exploits a use-after-free vulnerability in JScript (via Internet Explorer) by manipulating the 'arguments' object during a 'toJSON' callback, leading to a crash. The exploit demonstrates the vulnerability by forcing garbage collection while retaining a reference to a freed object.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer (JScript engine)

No auth needed

Prerequisites: Internet Explorer with JScript enabled · Target system running a vulnerable version of Windows

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Vendor Advisory x_refsource_misc

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155433/Microsoft-Internet-Explorer-Use-After-Free.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1429

Scores

CVSS v3 7.5

EPSS 0.7263

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2019-11-12

InTheWild.io 2019-11-12

ENISA EUVD EUVD-2019-9986

CWE

CWE-416 CWE-787

Status published

Products (3)

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Nov 12, 2019

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026