Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv3

CVE-2019-0768

Published: 09/04/2019 Updated: 24/08/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 436
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Microsoft

Vulnerability Summary

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 11

Exploits

Exploit DB: Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
<!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 (not tested earlier) Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which allow a web page to bypass the security zone p ...
Exploit DB: Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption
Microsoft Internet Explorer Windows 10 1809 17763316 scripting engine memory corruption exploit ...

Github Repositories

https://github.com/CreatePhotonW/CVE-2019-1221

PoC exploit for CVE-2019-1221 Lost the origin of this PoC Targets Internet Explorer 11 32-bit on Windows 10 x64 upto RS5 Uses "VBScriptEncode" / CVE-2019-0768 so that exploit works up to RS5 Runs calc using WinExec

https://github.com/ruthlezs/ie11_vbscript_exploit

Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11)

IE11 VBScript Exploit Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11) Prerequisite Metasploit msfvenom Usage python ie11_vbscriptpy [Listener IP] [Listener Port] Instruction Use this script to generate "exploithtml" Host the html file on your server Setup a handler with windows/meterpreter/reverse_tcp in Metasploit

Recent Articles

Microsoft Patch Tuesday – March 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Mar 2024

This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.

Posted: 13 Mar, 201920 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – March 2019This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handlin...

Read more...

References

CWE-20https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768https://nvd.nist.govhttps://github.com/CreatePhotonW/CVE-2019-1221https://github.com/ruthlezs/ie11_vbscript_exploithttps://www.exploit-db.com/exploits/46567
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook