Published: 08/01/2019 Updated: 14/03/2019
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vulnerability Trend

Affected Products


# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability # Google Dork: N/A # Date: March, 13 2019 # Exploit Author: Eduardo Braun Prado # Vendor Homepage: wwwmicrosoftcom/ # Software Link: wwwmicrosoftcom/ # Version: Windows 7 SP1, Server 2008, Server 2012, Server 2012 R2 ...