Vulnerability Details : CVE-2019-0752
Public exploit exists!
Used for ransomware!
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2019-0752
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
CVE-2019-0752 is in the CISA Known Exploited Vulnerabilities Catalog
This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Internet Explorer Type Confusion Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2019-0752
Added on
2022-02-15
Action due date
2022-08-15
Exploit prediction scoring system (EPSS) score for CVE-2019-0752
91.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-0752
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-07 |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2019-0752
-
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2019-0752
-
http://packetstormsecurity.com/files/153078/Microsoft-Internet-Explorer-Windows-10-1809-17763.316-Memory-Corruption.html
Microsoft Internet Explorer Windows 10 1809 17763.316 Memory Corruption ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0752
CVE-2019-0752 | Scripting Engine Memory Corruption VulnerabilityPatch;Vendor Advisory
-
https://www.zerodayinitiative.com/advisories/ZDI-19-359/
ZDI-19-359 | Zero Day InitiativeThird Party Advisory;VDB Entry
Jump to