Vulnerability-Lookup

CVE-2019-0676 (GCVE-0-2019-0676)

Vulnerability from cvelistv5 – Published: 2019-03-06 00:00 – Updated: 2025-10-21 23:45

Summary

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

Information Disclosure

Assigner

microsoft

References

URL

Tags

	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/106886	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

Microsoft

Internet Explorer 11

Affected: Windows 7 for 32-bit Systems Service Pack 1
Affected: Windows 7 for x64-based Systems Service Pack 1
Affected: Windows Server 2008 R2 for x64-based Systems Service Pack 1
Affected: Windows 8.1 for 32-bit systems
Affected: Windows 8.1 for x64-based systems
Affected: Windows Server 2012 R2
Affected: Windows RT 8.1
Affected: Windows 10 for 32-bit Systems
Affected: Windows 10 for x64-based Systems
Affected: Windows Server 2016
Affected: Windows 10 Version 1607 for 32-bit Systems
Affected: Windows 10 Version 1607 for x64-based Systems
Affected: Windows 10 Version 1703 for 32-bit Systems
Affected: Windows 10 Version 1703 for x64-based Systems
Affected: Windows 10 Version 1709 for 32-bit Systems
Affected: Windows 10 Version 1709 for x64-based Systems
Affected: Windows 10 Version 1803 for 32-bit Systems
Affected: Windows 10 Version 1803 for x64-based Systems
Affected: Windows 10 Version 1803 for ARM64-based Systems
Affected: Windows 10 Version 1809 for 32-bit Systems
Affected: Windows 10 Version 1809 for x64-based Systems
Affected: Windows 10 Version 1809 for ARM64-based Systems
Affected: Windows Server 2019
Affected: Windows 10 Version 1709 for ARM64-based Systems

Microsoft

Internet Explorer 10

Affected: Windows Server 2012

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.202Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
          },
          {
            "name": "106886",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106886"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-0676",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T16:20:26.870309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-05-23",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:45:42.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-05-23T00:00:00.000Z",
            "value": "CVE-2019-0676 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Internet Explorer 11",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "Windows 10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2016"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2019"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for ARM64-based Systems"
            }
          ]
        },
        {
          "product": "Internet Explorer 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows Server 2012"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
        },
        {
          "name": "106886",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106886"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0676",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Internet Explorer 11",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows RT 8.1"
                          },
                          {
                            "version_value": "Windows 10 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows Server 2016"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows Server 2019"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Internet Explorer 10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows Server 2012"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
            },
            {
              "name": "106886",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106886"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0676",
    "datePublished": "2019-03-06T00:00:00.000Z",
    "dateReserved": "2018-11-26T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:45:42.572Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2019-0676",
      "dateAdded": "2022-05-23",
      "dueDate": "2022-06-13",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2019-0676",
      "product": "Internet Explorer",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/106886\", \"name\": \"106886\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T17:51:27.202Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-0676\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-07T16:20:26.870309Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-05-23\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-05-23T00:00:00.000Z\", \"value\": \"CVE-2019-0676 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-07T16:19:28.493Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Microsoft\", \"product\": \"Internet Explorer 11\", \"versions\": [{\"status\": \"affected\", \"version\": \"Windows 7 for 32-bit Systems Service Pack 1\"}, {\"status\": \"affected\", \"version\": \"Windows 7 for x64-based Systems Service Pack 1\"}, {\"status\": \"affected\", \"version\": \"Windows Server 2008 R2 for x64-based Systems Service Pack 1\"}, {\"status\": \"affected\", \"version\": \"Windows 8.1 for 32-bit systems\"}, {\"status\": \"affected\", \"version\": \"Windows 8.1 for x64-based systems\"}, {\"status\": \"affected\", \"version\": \"Windows Server 2012 R2\"}, {\"status\": \"affected\", \"version\": \"Windows RT 8.1\"}, {\"status\": \"affected\", \"version\": \"Windows 10 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows Server 2016\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1607 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1607 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1703 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1703 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1709 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1709 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1803 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1803 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1803 for ARM64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1809 for 32-bit Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1809 for x64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1809 for ARM64-based Systems\"}, {\"status\": \"affected\", \"version\": \"Windows Server 2019\"}, {\"status\": \"affected\", \"version\": \"Windows 10 Version 1709 for ARM64-based Systems\"}]}, {\"vendor\": \"Microsoft\", \"product\": \"Internet Explorer 10\", \"versions\": [{\"status\": \"affected\", \"version\": \"Windows Server 2012\"}]}], \"datePublic\": \"2019-03-05T00:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"http://www.securityfocus.com/bid/106886\", \"name\": \"106886\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2019-03-06T10:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Windows 7 for 32-bit Systems Service Pack 1\"}, {\"version_value\": \"Windows 7 for x64-based Systems Service Pack 1\"}, {\"version_value\": \"Windows Server 2008 R2 for x64-based Systems Service Pack 1\"}, {\"version_value\": \"Windows 8.1 for 32-bit systems\"}, {\"version_value\": \"Windows 8.1 for x64-based systems\"}, {\"version_value\": \"Windows Server 2012 R2\"}, {\"version_value\": \"Windows RT 8.1\"}, {\"version_value\": \"Windows 10 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 for x64-based Systems\"}, {\"version_value\": \"Windows Server 2016\"}, {\"version_value\": \"Windows 10 Version 1607 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 Version 1607 for x64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1703 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 Version 1703 for x64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1709 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 Version 1709 for x64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1803 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 Version 1803 for x64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1803 for ARM64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1809 for 32-bit Systems\"}, {\"version_value\": \"Windows 10 Version 1809 for x64-based Systems\"}, {\"version_value\": \"Windows 10 Version 1809 for ARM64-based Systems\"}, {\"version_value\": \"Windows Server 2019\"}, {\"version_value\": \"Windows 10 Version 1709 for ARM64-based Systems\"}]}, \"product_name\": \"Internet Explorer 11\"}, {\"version\": {\"version_data\": [{\"version_value\": \"Windows Server 2012\"}]}, \"product_name\": \"Internet Explorer 10\"}]}, \"vendor_name\": \"Microsoft\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676\", \"name\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676\", \"refsource\": \"CONFIRM\"}, {\"url\": \"http://www.securityfocus.com/bid/106886\", \"name\": \"106886\", \"refsource\": \"BID\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"Information Disclosure\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2019-0676\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secure@microsoft.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-0676\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:45:42.572Z\", \"dateReserved\": \"2018-11-26T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2019-03-06T00:00:00.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CVE-2019-0676

Vulnerability from fstec - Published: 12.02.2019

Title

Уязвимость веб-браузера Internet Explorer, вызваная чтением за границами буфера в памяти, позволяющая нарушителю получить доступ к защищаемой информации

Description

Уязвимость браузера Internet Explorer вызвана чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить доступ к защищаемой информации используя специально созданную веб-страницу

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Vendor

Microsoft Corp

Software Name

Internet Explorer

Software Version

10 (Internet Explorer), 11 (Internet Explorer)

Possible Mitigations

Обновление программного обеспечения до более поздней версии

Reference

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10 (Internet Explorer), 11 (Internet Explorer)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.02.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.09.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.03.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00946",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0676",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Internet Explorer",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 7 Service Pack 1 - 64-bit, Microsoft Corp Windows 7 Service Pack 1 - 32-bit, Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows Server 2008 R2 Service Pack 1 - 64-bit, Microsoft Corp Windows RT 8.1 - ARM, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows 10 1703 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows 10 1703 - 64-bit, Microsoft Corp Windows 10 1709 - 64-bit, Microsoft Corp Windows 10 1709 - 32-bit, Microsoft Corp Windows 10 1803 - 64-bit, Microsoft Corp Windows 10 1803 - 32-bit, Microsoft Corp Windows 10 1809 - 64-bit, Microsoft Corp Windows 10 1809 - 32-bit, Microsoft Corp Windows Server 2019 - , Microsoft Corp Windows 10 1809 - ARM64, Microsoft Corp Windows 10 1709 - ARM64, Microsoft Corp Windows 10 1803 - ARM64",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Internet Explorer, \u0432\u044b\u0437\u0432\u0430\u043d\u0430\u044f \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Internet Explorer \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

GSD-2019-0676

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0676

Aliases

CVE-2019-0676

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0676",
    "description": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027.",
    "id": "GSD-2019-0676"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0676"
      ],
      "details": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027.",
      "id": "GSD-2019-0676",
      "modified": "2023-12-13T01:23:39.370729Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-0676",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Internet Explorer 11",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                        },
                        {
                          "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                        },
                        {
                          "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                        },
                        {
                          "version_value": "Windows 8.1 for 32-bit systems"
                        },
                        {
                          "version_value": "Windows 8.1 for x64-based systems"
                        },
                        {
                          "version_value": "Windows Server 2012 R2"
                        },
                        {
                          "version_value": "Windows RT 8.1"
                        },
                        {
                          "version_value": "Windows 10 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows Server 2016"
                        },
                        {
                          "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1607 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1703 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                        },
                        {
                          "version_value": "Windows Server 2019"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Internet Explorer 10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Windows Server 2012"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
          },
          {
            "name": "106886",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106886"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0676"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
            },
            {
              "name": "106886",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106886"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-03-05T23:29Z"
    }
  }
}

FKIE_CVE-2019-0676

Vulnerability from fkie_nvd - Published: 2019-03-05 23:29 - Updated: 2025-10-29 14:45

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/106886	Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106886	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676	Patch, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676	US Government Resource

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	10
microsoft	windows_server_2012	-
microsoft	internet_explorer	11
microsoft	windows_10_1507	-
microsoft	windows_10_1507	-
microsoft	windows_10_1607	-
microsoft	windows_10_1607	-
microsoft	windows_10_1703	-
microsoft	windows_10_1703	-
microsoft	windows_10_1709	-
microsoft	windows_10_1709	-
microsoft	windows_10_1709	-
microsoft	windows_10_1803	-
microsoft	windows_10_1803	-
microsoft	windows_10_1803	-
microsoft	windows_10_1809	-
microsoft	windows_10_1809	-
microsoft	windows_10_1809	-
microsoft	windows_7	-
microsoft	windows_8.1	-
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2012	r2
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-

JSON

To clipboard

{
  "cisaActionDue": "2022-06-13",
  "cisaExploitAdd": "2022-05-23",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "B98DB3FF-CC3B-4E9F-A9CC-EC4C89AF3B31",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1703:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "8733BF37-7BF2-409D-9452-DA8A92DA1124",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "555C22C7-356D-4DA7-8CED-DA7423BBC6CF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "40151476-C0FD-4336-8194-039E8827B7C8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "D82F8AF7-ED01-4649-849E-F248F0E02384",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "73D24713-D897-408D-893B-77A61982597D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Internet Explorer gestiona inadecuadamente los objetos en la memoria. Un atacante que explote con \u00e9xito esta vulnerabilidad podr\u00eda averiguar si existen archivos en el disco. Esto tambi\u00e9n se conoce como \"Internet Explorer Information Disclosure Vulnerability\u0027."
    }
  ],
  "id": "CVE-2019-0676",
  "lastModified": "2025-10-29T14:45:47.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2019-03-05T23:29:02.613",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106886"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106886"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2019-AVI-059

Vulnerability from certfr_avis - Published: 2019-02-13 - Updated: 2019-02-13

De multiples vulnérabilités ont été corrigées dans Microsoft IE. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Internet Explorer 9
Microsoft	N/A	Internet Explorer 10
Microsoft	N/A	Internet Explorer 11

References

Title

Publication Time

GHSA-49RQ-P3M9-2CQC

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2025-10-22 00:31

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0676"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-05T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka \u0027Internet Explorer Information Disclosure Vulnerability\u0027.",
  "id": "GHSA-49rq-p3m9-2cqc",
  "modified": "2025-10-22T00:31:37Z",
  "published": "2022-05-13T01:21:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0676"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0676"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0676"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106886"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0676 (GCVE-0-2019-0676)

CVE-2019-0676

GSD-2019-0676

FKIE_CVE-2019-0676

CERTFR-2019-AVI-059

Solution

GHSA-49RQ-P3M9-2CQC

Tags

Sightings

Nomenclature