Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
765
VMScore

CVE-2019-0752

Published: 09/04/2019 Updated: 17/03/2023
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Microsoft

Vulnerability Summary

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 11

microsoft internet_explorer 10

Exploits

Exploit DB: Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption
<!-- Full exploit of ZDI-19-359/ZDI-CAN-7757/CVE-2019-0752 --> <!-- Target: Internet Explorer, Windows 10 1809 17763316 (Feb 2019 patch level) --> <!-- Vulnerability and original exploit technique by Simon Zuckerbraun (@HexKitchen), Mar 2019 --> <!-- Tgroupcrew@gmailcom -- ...
Exploit DB: Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption
Microsoft Internet Explorer Windows 10 1809 17763316 scripting engine memory corruption exploit ...

Github Repositories

https://github.com/CreatePhotonW/CVE-2019-0752

wwwthezdicom/blog/2019/5/21/rce-without-native-code-exploitation-of-a-write-what-where-in-internet-explorer PoC exploit for CVE-2019-0752 Targets Internet Explorer 11 32bit on Windows 10 x64 up to RS4, RS5? Uses special address values in adddition to some path magic to avoid using powershell and the block comment Uses javascript to create the necessary dom elements to

Recent Articles

Microsoft Patch Tuesday – April 2019
Symantec Threat Intelligence Blog • Himanshu Mehta • 10 Apr 2024

This month the vendor has patched 74 vulnerabilities, 14 of which are rated Critical.

Posted: 10 Apr, 201927 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – April 2019This month the vendor has patched 74 vulnerabilities, 14 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handlin...

Read more...

References

CWE-843https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752https://www.zerodayinitiative.com/advisories/ZDI-19-359/http://packetstormsecurity.com/files/153078/Microsoft-Internet-Explorer-Windows-10-1809-17763.316-Memory-Corruption.htmlhttps://nvd.nist.govhttps://github.com/CreatePhotonW/CVE-2019-0752https://www.exploit-db.com/exploits/46928
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook