4.3
CVSSv2

CVE-2019-0768

Published: 09/04/2019 Updated: 09/04/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in Microsoft Internet Explorer could allow an unauthenticated, remote malicious user to bypass security restrictions on a targeted system. The vulnerability exists because the affected software improperly implements VBScript execution policy restrictions. An attacker could exploit this vulnerability by persuading a user to access a link that submits malicious input to the affected software. A successful exploit could allow the malicious user to bypass security restrictions and send restricted data. Microsoft confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftInternet Explorer11

Exploits

<!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 (not tested earlier) Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which allow a web page to bypass the security zone p ...

Mailing Lists

Microsoft Internet Explorer Windows 10 1809 17763316 scripting engine memory corruption exploit ...

Github Repositories

IE11 VBScript Exploit Exploit Generator for CVE-2018-8174 & CVE-2019-0768 (RCE via VBScript Execution in IE11) Prerequisite Metasploit msfvenom Usage python ie11_vbscriptpy [Listener IP] [Listener Port] Instruction Use this script to generate "exploithtml" Host the html file on your server Setup a handler with windows/meterpreter/reverse_tcp in Metasploit

Recent Articles

Microsoft Patch Tuesday – March 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 13 Mar 2019

This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.

Posted: 13 Mar, 201920 Min ReadThreat Intelligence SubscribeFollowtwitterfacebooklinkedinMicrosoft Patch Tuesday – March 2019This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical.As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining ...