TROYANOSYVIRUS
Back to CVEs

CVE-2019-0541

HIGHCISA KEV
8.8

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

CVE Details

CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published1/8/2019
Last Modified10/29/2025
Sourcekev
Honeypot Sightings0

CISA KEV

VendorMicrosoft
ProductMSHTML
Vulnerability NameMicrosoft MSHTML Remote Code Execution Vulnerability
KEV Date Added2021-11-03
Remediation Due Date2022-05-03
Ransomware UseUnknown

Affected Products

microsoft:excel_viewermicrosoft:internet_explorermicrosoft:officemicrosoft:office_365_proplusmicrosoft:office_word_viewermicrosoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Weaknesses (CWE)

CWE-77CWE-77

References

http://www.securityfocus.com/bid/106402(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(secure@microsoft.com)
https://www.exploit-db.com/exploits/46536/(secure@microsoft.com)
http://www.securityfocus.com/bid/106402(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46536/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.