Vulnerability in Microsoft Internet Explorer 10
CVE-2019-0940
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
EPSS: 0.530 (98.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Internet Explorer 10 — versions Windows Server 2012
- Microsoft Internet Explorer 11 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Microsoft Internet Explorer 11 On Windows 10 Version 1903 For 32-bit Systems — versions unspecified
- Microsoft Internet Explorer 11 On Windows 10 Version 1903 For Arm64-based Systems — versions unspecified
- Microsoft Internet Explorer 11 On Windows 10 Version 1903 For X64-based Systems — versions unspecified
- Microsoft Internet Explorer 11 On Windows Server 2012 — versions unspecified
- Microsoft Edge — versions Windows 10 for 32-bit Systems, Windows 10 for x64-based Systems, Windows Server 2016
- Microsoft Edge On Windows 10 Version 1903 For 32-bit Systems — versions unspecified
- Microsoft Edge On Windows 10 Version 1903 For Arm64-based Systems — versions unspecified
- Microsoft Edge On Windows 10 Version 1903 For X64-based Systems — versions unspecified
Public proof-of-concept exploits
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0940 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-0940?
- CVE-2019-0940 is a vulnerability in Microsoft Internet Explorer 10. Published 2019-05-16.
- Is CVE-2019-0940 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.