CVE-2019-1367

CVE Database · CVE-2019-1367

CVE-2019-1367

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

52.73%

Published

Sep 23, 2019

Modified

Oct 29, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

TrickestTrickest PoC index GitHub PoCmandarenmanman/CVE-2019-1367★3

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (19)

microsoft · internet_explorervulnerable

microsoft · windows_server_2012

microsoft · internet_explorervulnerable

microsoft · windows_10_1607

microsoft · windows_10_1703

microsoft · windows_10_1709

microsoft · windows_10_1803

microsoft · windows_10_1809

microsoft · windows_10_1903

microsoft · windows_7

microsoft · windows_8.1

microsoft · windows_rt_8.1

· windows_server_2008

References (3)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1367

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs