TROYANOSYVIRUS
Voltar para CVEs

CVE-2019-0541

HIGHCISA KEV
8.8

Descricao

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

Detalhes CVE

Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado1/8/2019
Ultima modificacao10/29/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft
ProdutoMSHTML
Nome da vulnerabilidadeMicrosoft MSHTML Remote Code Execution Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2022-05-03
Uso em ransomwareUnknown

Produtos afetados

microsoft:excel_viewermicrosoft:internet_explorermicrosoft:officemicrosoft:office_365_proplusmicrosoft:office_word_viewermicrosoft:windows_10_1507microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_10_1709microsoft:windows_10_1803microsoft:windows_10_1809microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016microsoft:windows_server_2019

Fraquezas (CWE)

CWE-77CWE-77

Referencias

http://www.securityfocus.com/bid/106402(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(secure@microsoft.com)
https://www.exploit-db.com/exploits/46536/(secure@microsoft.com)
http://www.securityfocus.com/bid/106402(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46536/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.