Remote Code Execution Vulnerability in Internet Explorer by Microsoft
CVE-2019-0988

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Internet Explorer 10; Internet Explorer 11; Microsoft Edge (edgehtml-based)
Vendor: CVE Published:; 12 June 2019

What is CVE-2019-0988?

A vulnerability exists in Internet Explorer due to improper handling of objects in memory by the scripting engine, allowing an attacker to execute arbitrary code on the affected system. This issue is initiated when a user visits a specially crafted web page that triggers the vulnerability within the browser. Successfully exploiting this vulnerability could enable an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. The exploitation requires a user to be logged onto the system, and it may also impact user engagement through social engineering tactics. For further details, refer to the advisory from Microsoft and the Zero Day Initiative's announcement.

Affected Version(s)

Internet Explorer 10 Windows Server 2012 1.0.0

Internet Explorer 11 Windows 10 Version 1703 for 32-bit Systems 1.0.0

Microsoft Edge (EdgeHTML-based) Windows 10 for 32-bit Systems 1.0..0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2019
Vulnerability Reserved
Nov 26, 2018