Published: 23/09/2019 | Updated: 24/09/2019
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Internet Explorer could allow a remote malicious user to execute arbitrary code on the system, caused by improper handling of objects in memory by the scripting engine. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Affected Products

Vendor | Product | Versions
Microsoft | Internet Explorer | 9, 10, 11

Recent Articles

APT trends report Q1 2020
Securelist • GReAT • 30 Apr 2020

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
This is our latest installment, f...

Nation-State Attacks Drop in Latest Google Analysis
Threatpost • Tara Seals • 30 Mar 2020

Google has registered a significant drop in government-backed cyberattacks against its properties and the people who use its products.
Google sends out warnings if it detects that an account is a target of government-backed phishing or malware attempts. For 2019, the internet giant sent almost 40,000 warnings – which, while a large number, is still a nearly 25 percent drop from the year before.
Nation-State Trends
In terms of trends amongst the warnings, the analysis showed t...

IT threat evolution Q3 2019. Statistics
Securelist • Victor Chebyshev, Fedor Sinitsyn, Denis Parinov, Boris Larin, Oleg Kupreev, Evgeny Lopatin • 29 Nov 2019

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.
According to Kaspersky Security Network:
In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it ...

Windows 10 KB4524147 Update May Cause Boot and Printing Issues
BleepingComputer • Lawrence Abrams • 05 Oct 2019

Windows 10 1903 users have started reporting boot, printing, and Start Menu issues after installing the KB4524147 cumulative update that go away once the update is uninstalled. Microsoft has not acknowledged any of these issues as of yet, but the number of reports indicates that there is something going on with this update.
As typical with Windows updates, some users are having problems after installing the Windows 10 KB4524147 update, while others, like myself, are not having any issues ...

Windows 10 KB4524147 Cumulative Update Breaks the Start Menu
BleepingComputer • Sergiu Gatlan • 04 Oct 2019

The KB4524147 Cumulative Update for Windows 10, version 1903 is causing the Windows Start menu to crash with a critical error according to numerous user reports.
KB4524147 was released yesterday as an out-of-band security update together with a standalone IE Cumulative Update and some monthly rollup updates, and it is designed to address a printing issue plaguing all supported Windows client and server versions.
The printing issues experienced by Windows customers were trigge...

Microsoft Releases Windows Security Updates to Fix Printing Issue
BleepingComputer • Sergiu Gatlan • 03 Oct 2019

Microsoft today released out of band security updates, cumulative updates, and monthly rollup updates to address a printing issue plaguing all Windows client and server versions acknowledged on September 30.
"This is a required security update that expands the out-of-band update dated September 23, 2019," says Microsoft. "This security update includes the Internet Explorer scripting engine security vulnerability (CVE-2019-1367) mitigation and corrects a recent printing issue some users h...

Microsoft rushes out patch for Internet Explorer zero‑day
welivesecurity • Tomáš Foltýn • 25 Sep 2019

Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors.
The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is a remote code execution vulnerability that has to do with how the browser’s scripting engine handles objects in memory. It affects IE versions 9, 10 and 11.
If exploited, the securit...

Nine words to ruin your Monday: Emergency Internet Explorer patch amid in-the-wild attacks
The Register • Shaun Nichols in San Francisco • 23 Sep 2019

Update browser ASAP after Google gurus spot miscreants abusing bug to hijack PCs

Microsoft today issued a rare emergency security update for Internet Explorer to address a critical flaw in the browser that's being exploited right now in the wild.
Redmond says the vulnerability, a scripting-engine memory-corruption bug designated CVE-2019-1367, can be abused by a malicious webpage or email to achieve remote code execution: that means Windows PCs can be hijacked by viewing a suitably booby-trapped website, or message, when using Internet Explorer. Malware, spyware, and ...

Microsoft Internet Explorer Zero-Day Flaw Addressed in Out-of-Band Security Update
Threatpost • Lindsey O'Donnell • 23 Sep 2019

Microsoft has released out-of-band security updates addressing two vulnerabilities – including an Internet Explorer zero-day vulnerability being actively exploited in the wild.
The Internet Explorer zero-day vulnerability (CVE-2019-1367) is a remote code execution flaw that could enable an attacker who successfully exploited it to gain the same user rights as the current user. The other flaw (CVE-2019-1255) is a denial-of-service flaw in Microsoft Defender. Both flaws are being addressed...

Microsoft Issues Windows Security Update for 0Day Vulnerability
BleepingComputer • Sergiu Gatlan • 23 Sep 2019

Microsoft released two out of band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively.
The first one is a zero-day RCE vulnerability tracked as CVE-2019-1367 and disclosed by Clément Lecigne of Google’s Threat Analysis Group.
The CVE-2019-1367 scripting engine memory corruption vulnerability is known to have been exploited in the wild and it "exists in the way ...