CVE-2019-1367

7.5 HIGH

📋 TL;DR

This is a remote code execution vulnerability in Internet Explorer's scripting engine that allows attackers to execute arbitrary code on affected systems. It affects users running vulnerable versions of Internet Explorer on Windows systems. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Internet Explorer
Versions: Internet Explorer 9, 10, and 11
Operating Systems: Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected Internet Explorer versions are vulnerable. Windows Server installations with Internet Explorer installed are also affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Malware installation, credential theft, and system compromise leading to data exfiltration or botnet recruitment.

🟢 If Mitigated

Limited impact with proper network segmentation, application whitelisting, and user privilege restrictions.

🌐 Internet-Facing: HIGH - Internet Explorer is commonly used for web browsing, making systems directly exposed to malicious websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

This vulnerability has been actively exploited in the wild. Attackers can exploit it by tricking users into visiting malicious websites.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2019 security updates (KB4519976, KB4520004, KB4520007, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

Restart Required: Yes

Instructions:

1. Apply the October 2019 security updates from Microsoft.
2. Restart affected systems.
3. Verify the patch is installed via Windows Update history.

🔧 Temporary Workarounds

Disable Internet Explorer scripting

Disable Active Scripting in Internet Explorer to prevent exploitation

Set Internet Options > Security > Custom Level > Scripting > Active Scripting to Disable

Restrict Internet Explorer access

Use Group Policy to restrict Internet Explorer usage or disable it entirely

gpedit.msc > Computer Configuration > Administrative Templates > Windows Components > Internet Explorer

🧯 If You Can't Patch

  • Disable Internet Explorer and use alternative browsers like Microsoft Edge or Chrome
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check Internet Explorer version via Help > About Internet Explorer. If version is 9, 10, or 11 without October 2019 updates, system is vulnerable.

Check Version:

wmic datafile where name="C:\\Program Files\\Internet Explorer\\iexplore.exe" get version

Verify Fix Applied:

Check Windows Update history for October 2019 security updates (KB4519976, KB4520004, KB4520007, etc.)
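
The two checks above can be combined into one host report. This is an added example, not from the vendor advisory or the original page; the function name Get-IePatchStatus is hypothetical, and the KB list contains only the three IDs named on this page (the page's list ends in "etc."), so a host patched by a different or later cumulative update will not match.

```powershell
# Added example (not vendor code). KB IDs are only those named on this page;
# extend the list from the vendor advisory for your Windows builds.
$PageKbs = 'KB4519976', 'KB4520004', 'KB4520007'

function Get-IePatchStatus {
    param(
        [string[]]$KbIds = $PageKbs,
        [string]$IePath = (Join-Path $env:ProgramFiles 'Internet Explorer\iexplore.exe')
    )

    # Version metadata of the installed browser binary, if present.
    $info = $null
    if (Test-Path -LiteralPath $IePath) {
        $info = (Get-Item -LiteralPath $IePath).VersionInfo
    }

    # The page lists IE 9, 10 and 11 as affected.
    $affectedMajor = $info -and (9, 10, 11 -contains $info.ProductMajorPart)

    # Installed updates whose ID matches one of the page-listed KBs.
    $matched = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $KbIds -contains $_.HotFixID })

    $status = if (-not $info) {
        'Internet Explorer binary not found'
    } elseif (-not $affectedMajor) {
        'IE version outside the range listed as affected'
    } elseif ($matched.Count -gt 0) {
        'Page-listed October 2019 update found'
    } else {
        # Absence of these IDs is not proof of exposure: a different or later
        # cumulative update may carry the fix. Confirm against the advisory.
        'No page-listed update found; review update history'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        IeVersion    = if ($info) { $info.ProductVersion } else { $null }
        MatchedKbs   = ($matched.HotFixID -join ', ')
        Status       = $status
    }
}

Get-IePatchStatus | Format-List
```

Treat a "review update history" result as a prompt to compare the host's installed updates against the vendor advisory, not as a confirmed finding.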

📡 Detection & Monitoring

Log Indicators:

  • Internet Explorer crash logs with memory corruption errors
  • Windows Event Logs showing unexpected process creation

Network Indicators:

  • Outbound connections from Internet Explorer to suspicious IPs
  • HTTP requests to known exploit domains

SIEM Query:

source="Windows Security" AND event_id=4688 AND process_name="iexplore.exe" AND parent_process NOT IN ("explorer.exe", "userinit.exe")
