Cyber Resilience

CVE-2019-1429

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 12 November 2019

Published
12 November 2019
Modified
14 January 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.8304 99.3th percentile
Risk Priority 85 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-1429 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Internet Explorer. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 0.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-18 (Mobile Code).

Deeper analysis

A remote code execution vulnerability exists in the scripting engine of Internet Explorer due to improper handling of objects in memory. The flaw is tracked as CVE-2019-1429 and is distinct from several related issues in the same component. It is classified under CWE-416 (use after free) and CWE-787 (out-of-bounds write) and carries a CVSS 3.1 score of 7.5 reflecting network attack vector, high attack complexity, required user interaction, and full confidentiality, integrity, and availability impact.

An unauthenticated remote attacker can exploit the issue by convincing a user to visit a specially crafted web page in Internet Explorer. Successful exploitation allows arbitrary code execution in the context of the current user. The vulnerability affects the scripting engine's memory management routines and does not require prior authentication or elevated privileges on the target system.

Microsoft's security advisory and the CISA Known Exploited Vulnerabilities catalog both reference official patches that address the memory corruption. Administrators are advised to apply the updates released through the standard Microsoft Update channels to eliminate the exposure.

The presence of CVE-2019-1429 in the CISA catalog confirms observed in-the-wild exploitation, underscoring the need for prompt remediation on any remaining Internet Explorer installations.

EU & UK References

Vulnerability details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
internet explorer
10, 11, 9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor patches that eliminate the memory-corruption flaw in the IE scripting engine.

SC-18 Mobile Code partial match
prevent

Restricts or monitors execution of mobile code (scripts) inside Internet Explorer, blocking the vector used to trigger the vulnerability.

prevent

Implements memory-protection safeguards that can mitigate use-after-free and out-of-bounds-write conditions exploited by this CVE.

References