CVE-2019-1367 is a new zero-day remote code execution vulnerability, for which an emergency patch was just issued.
The bug could allow attackers to carry out remote attacks in order to gain access to a system. The vulnerability is a scripting engine memory corruption issue, which was discovered by Clément Lecigne of Google’s Threat Analysis Group.
CVE-2019-1367: Technical Details
Here’s the official description of CVE-2019-1367:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
It should be noted that if the user is logged in with admin rights, the attacker could take control of the entire system. This could lead to various outcomes, including the installation of programs and the alteration or deletion of data.
An attack based on the CVE-2019-1367 exploit could be launched via email (malspam) or by tricking the user into visiting a maliciously crafted website. It should be mentioned that the targeted browser is Internet Explorer, which continues to be used by a large user base. Furthermore, spam and malware campaigns take place daily, so the emergency patch for CVE-2019-1367 should be applied immediately.
This is not the only issue that Microsoft is addressing. The second vulnerability is assigned CVE-2019-1255 and is located in Microsoft Defender. Fortunately, the bug is not as serious as the other one. Attackers could leverage the issue to prevent legitimate accounts from executing legitimate system binaries, Microsoft explained.
Even though CVE-2019-1255 is not critical, a patch should be applied. The issue is fixed in v1.1.16400.2 of the Microsoft Malware Protection Engine, which is a component of the Microsoft Defender antivirus. The vulnerability was discovered by Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab.
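One way to verify the CVE-2019-1255 fix on a machine is to compare the reported Malware Protection Engine version against 1.1.16400.2. The following is an added example, not code from Microsoft or from the original article; the function name Test-MpEngineFixed and the sample version strings are assumptions made for illustration.

```powershell
# Added example: is the Malware Protection Engine at or above the version
# the article names as fixing CVE-2019-1255?
$FixedEngine = [version]'1.1.16400.2'   # fixed version, as stated in the article

function Test-MpEngineFixed {   # hypothetical helper name
    param(
        # Engine version string; when omitted, the local machine is queried.
        [string]$EngineVersion
    )
    if (-not $EngineVersion) {
        # Defender cmdlets are absent on non-Windows hosts and some server builds.
        if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
            return [pscustomobject]@{ Engine = $null; Status = 'Unknown: Defender cmdlets not available' }
        }
        try {
            $EngineVersion = (Get-MpComputerStatus -ErrorAction Stop).AMEngineVersion
        } catch {
            return [pscustomobject]@{ Engine = $null; Status = "Unknown: $($_.Exception.Message)" }
        }
    }
    # Parse into [version] so each component is compared numerically.
    # A plain string comparison would rank '1.1.9999.9' above '1.1.16400.2'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        return [pscustomobject]@{ Engine = $EngineVersion; Status = 'Unknown: unparseable version' }
    }
    $status = if ($parsed -ge $FixedEngine) { 'Fixed' } else { 'Below fixed version: update the engine' }
    [pscustomobject]@{ Engine = $parsed.ToString(); Status = $status }
}

# Constructed sample values (not taken from real hosts), e.g. from an inventory export.
'1.1.16300.1', '1.1.16400.2', '1.1.9999.9', '1.1.16500.1', 'n/a' |
    ForEach-Object { Test-MpEngineFixed -EngineVersion $_ }

# Check the local machine.
Test-MpEngineFixed
```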