Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2019-0609

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Internet Explorer 11; Microsoft Edge; Chakracore
Vendor: CVE Published:; 8 April 2019

Summary

A remote code execution vulnerability arises from the improper handling of objects in memory by the scripting engine in Microsoft browsers. This flaw could allow an attacker to execute arbitrary code on an affected system if a user views a specially crafted webpage. Successful exploitation requires the user to visit a malicious site, which could lead to data theft, system compromise, or other harmful actions. Users are encouraged to apply the latest security updates to mitigate risks associated with this vulnerability.

Affected Version(s)

ChakraCore Windows Server 2019

Internet Explorer 11 Windows 7 for 32-bit Systems Service Pack 1

Internet Explorer 11 Windows 7 for x64-based Systems Service Pack 1

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2019
Vulnerability Reserved
Nov 26, 2018