Remote Code Execution Vulnerability in Internet Explorer by Microsoft
CVE-2019-1429
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 12 November 2019
Badges
What is CVE-2019-1429?
A remote code execution vulnerability exists when the scripting engine in Internet Explorer fails to properly manage objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. This could allow for the installation of programs, viewing, changing, or deleting data, and the ability to create new accounts with full user rights. The vulnerability is distinct from similar issues reported in multiple other CVEs in the same timeframe, highlighting the specific risks associated with the scripting engine in Windows environments.
CISA has reported CVE-2019-1429
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2019-1429 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Affected Version(s)
Internet Explorer 10 Windows Server 2012
Internet Explorer 11 Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 Windows 7 for x64-based Systems Service Pack 1
References
EPSS Score
83% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published
Vulnerability Reserved