CISA Known Exploited Vulnerability

CVE-2019-1367 Ransomware

Microsoft · Internet Explorer

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-787

Ransomware Known

CISA description

Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2019-1367

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2019-1367
CVE.org · CVE-2019-1367
CISA KEV catalog (canonical)