Lucene search

K
mscveMicrosoftMS:CVE-2019-0995
HistoryMay 14, 2019 - 7:00 a.m.

Internet Explorer Security Feature Bypass Vulnerability

2019-05-1407:00:00
Microsoft
msrc.microsoft.com
8

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.6%

A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries. The vulnerability allows Internet Explorer to bypass Mark of the Web warnings or restrictions for files downloaded or created in a specific way.

In a web-based attack scenario, an attacker would need to host a malicious file that is designed to exploit the vulnerability and then convince a user to download the malicious file and then open the file in Internet Explorer.

The security update addresses the vulnerability by modifying how urlmon.dll handles Mark of the Web queries.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.6%

Related for MS:CVE-2019-0995