漏洞标题
脚本引擎内存破坏漏洞
漏洞描述信息
存在一个远程代码执行漏洞,该漏洞存在于Internet Explorer中脚本引擎处理内存对象的方式,即“脚本引擎内存 corruptability 漏洞”。与CVE-2019-1194不同的是,这个CVE ID是唯一的。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Scripting Engine Memory Corruption Vulnerability
漏洞描述信息
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
Microsoft Internet Explorer 缓冲区错误漏洞
漏洞描述信息
Microsoft Internet Explorer(IE)是美国微软(Microsoft)公司的一款Windows操作系统附带的Web浏览器。 Microsoft IE 9、10和11中处理内存对象的方式存在远程代码执行漏洞。攻击者可利用该漏洞在当前用户的上下文中执行任意代码,损坏内存。
CVSS信息
N/A
漏洞类别
缓冲区错误