Lucene search

K
cveMicrosoftCVE-2019-1236
HistorySep 11, 2019 - 10:15 p.m.

CVE-2019-1236

2019-09-1122:15:15
CWE-787
microsoft
web.nvd.nist.gov
78
cve-2019-1236
remote code execution
vbscript
nvd

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.04

Percentile

92.1%

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka ‘VBScript Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2019-1208.

Affected configurations

Nvd
Vulners
Node
microsoftwindows_10Match-
OR
microsoftwindows_10Match1607
OR
microsoftwindows_10Match1703
OR
microsoftwindows_10Match1709
OR
microsoftwindows_10Match1803
OR
microsoftwindows_10Match1809
OR
microsoftwindows_10Match1903
OR
microsoftwindows_7Match-sp1
OR
microsoftwindows_8.1Match-
OR
microsoftwindows_rt_8.1Match-
OR
microsoftwindows_server_2008Matchr2sp1x64
OR
microsoftwindows_server_2012Match-
OR
microsoftwindows_server_2012Matchr2
OR
microsoftwindows_server_2016Match-
OR
microsoftwindows_server_2019Match-
AND
microsoftinternet_explorerMatch11-
Node
microsoftwindows_server_2012Match-
AND
microsoftinternet_explorerMatch10
Node
microsoftwindows_server_2008Match-sp2
AND
microsoftinternet_explorerMatch9
VendorProductVersionCPE
microsoftinternet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2cpe:2.3:a:microsoft:internet_explorer_9:Windows Server 2008 for 32-bit Systems Service Pack 2:*:*:*:*:*:*:*
microsoftinternet_explorer_9Windows Server 2008 for x64-based Systems Service Pack 2cpe:2.3:a:microsoft:internet_explorer_9:Windows Server 2008 for x64-based Systems Service Pack 2:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows 7 for 32-bit Systems Service Pack 1cpe:2.3:a:microsoft:internet_explorer_11:Windows 7 for 32-bit Systems Service Pack 1:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows 7 for x64-based Systems Service Pack 1cpe:2.3:a:microsoft:internet_explorer_11:Windows 7 for x64-based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows Server 2008 R2 for x64-based Systems Service Pack 1cpe:2.3:a:microsoft:internet_explorer_11:Windows Server 2008 R2 for x64-based Systems Service Pack 1:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows 8.1 for 32-bit systemscpe:2.3:a:microsoft:internet_explorer_11:Windows 8.1 for 32-bit systems:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows 8.1 for x64-based systemscpe:2.3:a:microsoft:internet_explorer_11:Windows 8.1 for x64-based systems:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows Server 2012 R2cpe:2.3:a:microsoft:internet_explorer_11:Windows Server 2012 R2:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows RT 8.1cpe:2.3:a:microsoft:internet_explorer_11:Windows RT 8.1:*:*:*:*:*:*:*
microsoftinternet_explorer_11Windows 10 for 32-bit Systemscpe:2.3:a:microsoft:internet_explorer_11:Windows 10 for 32-bit Systems:*:*:*:*:*:*:*
Rows per page:
1-10 of 311

CNA Affected

[
  {
    "product": "Internet Explorer 9",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
      },
      {
        "status": "affected",
        "version": "Windows Server 2008 for x64-based Systems Service Pack 2"
      }
    ]
  },
  {
    "product": "Internet Explorer 11",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Windows 7 for 32-bit Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "Windows 7 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
      },
      {
        "status": "affected",
        "version": "Windows 8.1 for 32-bit systems"
      },
      {
        "status": "affected",
        "version": "Windows 8.1 for x64-based systems"
      },
      {
        "status": "affected",
        "version": "Windows Server 2012 R2"
      },
      {
        "status": "affected",
        "version": "Windows RT 8.1"
      },
      {
        "status": "affected",
        "version": "Windows 10 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows Server 2016"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1607 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1607 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1703 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1703 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1709 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1709 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1803 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1803 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1803 for ARM64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1809 for 32-bit Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1809 for x64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1809 for ARM64-based Systems"
      },
      {
        "status": "affected",
        "version": "Windows Server 2019"
      },
      {
        "status": "affected",
        "version": "Windows 10 Version 1709 for ARM64-based Systems"
      }
    ]
  },
  {
    "product": "Internet Explorer 11 on Windows Server 2012",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Internet Explorer 10",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "Windows Server 2012"
      }
    ]
  }
]

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0.04

Percentile

92.1%