CVE-2019-0676
Published: 05 March 2019
Summary
CVE-2019-0676 is a medium-severity vulnerability with an unspecified weakness type in Microsoft Windows 10 1709. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 3.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and SI-2 (Flaw Remediation).
Deeper analysis
An information disclosure vulnerability exists in Internet Explorer when the browser improperly handles objects in memory. The flaw, tracked as CVE-2019-0676, allows an attacker to determine whether specific files are present on a victim's disk. It carries a CVSS 3.1 score of 6.5, reflecting a network attack vector, low attack complexity, no required privileges, and required user interaction.
An unauthenticated remote attacker can exploit the issue by convincing a user to visit a malicious web page or open a specially crafted document in Internet Explorer. Successful exploitation discloses the presence or absence of arbitrary files on disk without granting code execution or further system access.
Microsoft published an advisory addressing the vulnerability, and the issue appears in CISA's catalog of known exploited vulnerabilities, indicating confirmed in-the-wild use. No additional mitigation details beyond the vendor advisory are provided in the source references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-1436
Vulnerability details
An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.
- CWE(s)
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires applying the vendor patch that eliminates the memory-handling flaw enabling file-presence disclosure in Internet Explorer.
Explicitly mandates monitoring for information disclosure attempts that match the file-existence probing behavior of this CVE.
Provides ongoing system monitoring that can identify anomalous outbound or script-driven access patterns used to exploit the IE flaw.