CVE-2019-1429
ENISA EUVD: EUVD-2019-9986 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
1 article
Published: 2019-11-12
EPSS Score
Source: FIRST.org · 2026-05-23
83.04%
probability
This CVE has a 83.04% probability
of being exploited in the next 30 days.
0%
Top 99.3th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)7.5
HIGH
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
7.6
HIGH
Access Vector
Network
Access Complexity
High
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:H/Au:N/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Affected Products
Microsoft
Internet Explorer 9
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft
Internet Explorer 11
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows Server 2012 R2
Microsoft
Internet Explorer 11 on Windows Server 2012
unspecified
Microsoft
Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems
unspecified
Microsoft
Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems
unspecified
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-787
· Out-of-bounds Write
CWE-825
· Expired Pointer Dereference
Google Project Zero
Patched
Nov. 12, 2019
Reported by
Clément Lecigne of Google’s Threat Analysis Group & Ivan Fratric of Google Project Zero
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2019/CVE-2019-1367.html
Exploits & PoC
Signal Intelligence
Confidence
95%
EPSS
83.04%
CVSS v3.1
7.5
Mentions
1
Last Seen
Nov 12, 2019
CNA Information
CNA Assigner
microsoft
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateNov 12, 2019