Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-0761

Опубликовано: 12 мар. 2019
Источник: msrc
EPSS Низкий

Описание

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended.

To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it.

The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.

Обновления

ПродуктСтатьяОбновление
Internet Explorer 10 on Windows Server 2012
44898914489873
Monthly RollupIE Cumulative
Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1
44898734489878
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows 8.1 for x64-based systems
44898734489881
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows Server 2012 R2
44898734489881
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1
44898734489878
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows 8.1 for 32-bit systems
44898734489881
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1
44898734489878
IE CumulativeMonthly Rollup
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems
4489868
Security Update
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems
4489868
Security Update
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems
4489868
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 92%
0.08313
Низкий

Связанные уязвимости

nvd логотип

CVE-2019-0761

CVSS3: 6.5
nvd
больше 6 лет назад

A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.

github логотип

GHSA-cw79-cv57-4v8x

CVSS3: 6.5
github
больше 3 лет назад

A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.

fstec логотип

BDU:2019-01188

CVSS3: 6.3
fstec
больше 6 лет назад

Уязвимость браузера Internet Explorer, связанная с небезопасным управлением привилегиями, позволяющая нарушителю частично оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 92%
0.08313
Низкий