Published: 08/04/2019 Updated: 24/08/2020

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 9
microsoft internet_explorer 10
microsoft internet_explorer 11

<!-- There is an issue in VBScript in the VbsErase function In some cases (see the attached PoC), VbsErase fails to clear the argument variable properly, which can trivially lead to crafting a variable with the array type, but with a pointer controlled controlled by an attacker This issue was most likely introduced in an attempt to fix a previ ...

Microsoft Patch Tuesday – March 2019

Symantec Threat Intelligence Blog • Ratheesh PM • 13 Mar 2024

This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.

Posted: 13 Mar, 201920 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – March 2019This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handlin...

CVE-2019-0667

Vulnerability Summary

Vulnerability Trend

Exploits

Recent Articles

References

Vulmon Search

About

Products

Connect