CVE-2019-0768

moderate-risk
Published 2019-04-09

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Do I need to act?

!
72.4% chance of exploitation in next 30 days
EPSS score — higher than 28% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
46567
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Microsoft

References (2)

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768
Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0768
49
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 26/34 · High
Exposure 5/34 · Minimal