TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2019-0541

HIGHCISA KEV
8.8

Beschreibung

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

CVE Details

CVSS v3.1 Bewertung8.8
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht1/8/2019
Zuletzt geandert10/29/2025
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerMicrosoft
ProduktMSHTML
SchwachstellennameMicrosoft MSHTML Remote Code Execution Vulnerability
KEV Aufnahmedatum2021-11-03
Behebungsfrist2022-05-03
Ransomware-NutzungUnknown

Betroffene Produkte

microsoft:excel_viewermicrosoft:internet_explorermicrosoft:officemicrosoft:office_365_proplusmicrosoft:office_word_viewermicrosoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Schwachen (CWE)

CWE-77CWE-77

Referenzen

http://www.securityfocus.com/bid/106402(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(secure@microsoft.com)
https://www.exploit-db.com/exploits/46536/(secure@microsoft.com)
http://www.securityfocus.com/bid/106402(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46536/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.