CVE-2019-0768

Опубликовано: 12 мар. 2019

Источник: msrc

CVSS3: 4.3

EPSS Высокий

Описание

Internet Explorer Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted.

In a web-based attack scenario, an attacker could host a website in an attempt to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability.

The update addresses the vulnerability by fixing how the Internet Explorer VBScript execution policy validates embedded VBScript content.

Обновления

Продукт	Статья	Обновление
Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems	4489868	Security Update
Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems	4489868	Security Update
Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems	4489868	Security Update
Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems	4489899	Security Update
Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems	4489899	Security Update
Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems	4489899	Security Update
Internet Explorer 11 on Windows Server 2019	4489899	Security Update
Internet Explorer 11 on Windows 10 Version 1709 for 32-bit Systems	4489886	Security Update
Internet Explorer 11 on Windows 10 Version 1709 for x64-based Systems	4489886	Security Update
Internet Explorer 11 on Windows 10 Version 1709 for ARM64-based Systems	4489886	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation More Likely

Older Software Release

Exploitation More Likely

DOS

N/A

EPSS

Процентиль: 99%

0.88056

Высокий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2019-0768

CVSS3: 4.3

nvd

больше 6 лет назад

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

GHSA-x6pv-8jh5-cv2g

CVSS3: 4.3

github

больше 3 лет назад

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

BDU:2019-01194

CVSS3: 4.3

fstec

больше 6 лет назад

Уязвимость обработчика сценариев VBScript браузера Internet Explorer, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 99%

0.88056

Высокий

4.3 Medium

CVSS3