CVE-2019-0541

Known Exploited Public Exploit

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

References

Link	Tags
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541	patch vendor advisory
https://www.exploit-db.com/exploits/46536/	third party advisory vdb entry exploit
http://www.securityfocus.com/bid/106402	broken link third party advisory vdb entry

Frequently Asked Questions

What is the severity of CVE-2019-0541?: CVE-2019-0541 has been scored as a high severity vulnerability.
How to fix CVE-2019-0541?: To fix CVE-2019-0541, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-0541 being actively exploited in the wild?: It is confirmed that CVE-2019-0541 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~84% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-0541?: CVE-2019-0541 affects Microsoft Microsoft Office, Microsoft Microsoft Office Word Viewer, Microsoft Internet Explorer 9, Microsoft Internet Explorer 11, Microsoft Microsoft Excel Viewer, Microsoft Internet Explorer 10, Microsoft Office.

Description

Category

CWE-77 – Improper Neutralization of Special Elements used in a Command ('Command Injection')

References

Frequently Asked Questions