A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft internet_explorer 9 |
||
microsoft internet_explorer 10 |
||
microsoft internet_explorer 11 |
This month the vendor has patched 75 vulnerabilities, 14 of which are rated Critical.
Posted: 15 Nov, 201922 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – November 2019This month the vendor has patched 75 vulnerabilities, 14 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handling files from unknown or questiona...
Google wants researchers, vendors to stop making attacks easy Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers
Enigma To limit the impact of zero-day vulnerabilities, Google security researcher Maddie Stone would like those developing software fixes to stop delivering shoddy patches. In a presentation at USENIX's Enigma 2021 virtual conference on Tuesday, Stone offered an overview of the zero-day exploits detected in 2020. A zero-day, she explained for attendees outside the infosec community, refers to an exploit targeting a previously unidentified vulnerability. Zero-day flaws are a problem because they...
IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps in Google Play and elsewhere. Dr Web first reported the malware in July 2019, but we decided to investigate because the Trojan was more sophisticated than most malware for stealing money or displaying ...
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our ...
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now tha...
Intel joins the fun with monthly releases from Adobe, SAP
Patch Tuesday The November edition of Patch Tuesday has landed with scheduled updates from Microsoft, Adobe, and SAP, along with the debut of a new update calendar from Intel. Microsoft's monthly batch of fixes addresses 74 CVE-listed security vulnerabilities, more than a dozen of them considered to be critical risks. One of those vulnerabilities, CVE-2019-1429, is already under attack in the wild. The flaw is a remote code execution vulnerability, specifically a memory-corrupting hole, in Inter...