CISA KEV 정보
| 취약점명 | Microsoft MSHTML Remote Code Execution Vulnerability |
|---|---|
| 설명 | Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-77 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2019-0541 |
NVD 상세 정보
CVSS v3.1: 8.8 HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HCVSS v2.0: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C설명: A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
CWE: CWE-77 | CWE-77
참조
- http://www.securityfocus.com/bid/106402 [Broken Link, Third Party Advisory, VDB Entry]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541 [Patch, Vendor Advisory]
- https://www.exploit-db.com/exploits/46536/ [Exploit, Third Party Advisory, VDB Entry]
- http://www.securityfocus.com/bid/106402 [Broken Link, Third Party Advisory, VDB Entry]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541 [Patch, Vendor Advisory]
- https://www.exploit-db.com/exploits/46536/ [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0541 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.