CVE-2019-0920: Microsoft Windows ADODB Type Confusion Remote Code Execution Vulnerability
First published: Wed Jun 12 2019(Updated: )
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0988, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Internet Explorer | ||
| Internet Explorer | =11 | |
| Windows 10 | ||
| Windows 10 | =1607 | |
| Windows 10 | =1703 | |
| Windows 10 | =1709 | |
| Windows 10 | =1803 | |
| Windows 10 | =1809 | |
| Windows 10 | =1903 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft Windows Server 2019 | ||
| Internet Explorer | =10 | |
| Internet Explorer | =9 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0920
- https://www.zerodayinitiative.com/advisories/ZDI-19-625/
- https://www.zerodayinitiative.com/advisories/ZDI-19-626/
- https://www.zerodayinitiative.com/advisories/ZDI-19-627/
- https://www.zerodayinitiative.com/advisories/ZDI-19-638/
- https://www.zerodayinitiative.com/advisories/ZDI-19-639/
Frequently Asked Questions
What is the severity of CVE-2019-0920?
CVE-2019-0920 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2019-0920?
To fix CVE-2019-0920, you should apply the latest security updates provided by Microsoft for affected products.
Which products are affected by CVE-2019-0920?
CVE-2019-0920 affects Microsoft Internet Explorer versions 9, 10, and 11 as well as various versions of Microsoft Windows.
What is the attack vector for CVE-2019-0920?
The attack vector for CVE-2019-0920 is through executing malicious scripts in the context of the user’s browser.
Can CVE-2019-0920 lead to data exposure?
Yes, CVE-2019-0920 can potentially lead to data exposure due to arbitrary code execution by an attacker.
- agent/references
- agent/type
- agent/weakness
- agent/title
- agent/remedy
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/trending
- agent/source
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-627
- alias/ZDI-CAN-7853
- alias/CVE-2019-0920
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- alias/ZDI-19-639
- alias/ZDI-CAN-7855
- alias/ZDI-19-638
- alias/ZDI-CAN-7854
- agent/event
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- alias/ZDI-19-625
- alias/ZDI-CAN-7754
- alias/ZDI-19-626
- alias/ZDI-CAN-7755
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/11
- canonical/windows 10
- version/windows 10/1607
- version/windows 10/1703
- version/windows 10/1709
- version/windows 10/1803
- version/windows 10/1809
- version/windows 10/1903
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows server 2016
- canonical/microsoft windows server 2019
- version/internet explorer/10
- version/internet explorer/9
- version/microsoft windows server/sp2
- canonical/microsoft windows operating system