A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1809 for 32-bit Systems — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1809 for x64-based Systems — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1809 for ARM64-based Systems — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows Server 2019 — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1903 for 32-bit Systems — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1903 for x64-based Systems — unspecified |
| Microsoft | Microsoft Edge (EdgeHTML | based) on Windows 10 Version 1903 for ARM64-based Systems — unspecified |
| Microsoft | ChakraCore | unspecified |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice: