CVE-2019-1429

CVE Database · CVE-2019-1429

CVE-2019-1429

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

72.63%

Published

Nov 12, 2019

Modified

Jan 14, 2026

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBInternet Explorer - Use-After-Free in JScript Arguments During toJSON Callback TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-787CWE-416

Affected Products (20)

microsoft · internet_explorervulnerable

microsoft · windows_server_2008

microsoft · internet_explorervulnerable

microsoft · windows_server_2012

microsoft · internet_explorervulnerable

microsoft · windows_10_1507

microsoft · windows_10_1607