CVE-2019-1030 — Vulnetix

CVE-2019-1030 PUBLISHED CVSS 4.300000190734863 MEDIUM

An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, compromised websites and websites that accept or host user-provided content could contain specially crafted content that could exploit the vulnerability. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action. For example, an attacker could trick a user into clicking a link that takes the user to the attacker's site. The update addresses the vulnerability by modifying how Microsoft Edge based on Edge HTML handles objects in memory.

EPSS 21.36% · 95.8th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

EPSS Score

21.36%

95.8th percentile

Affected Products

Vendor	Product	Versions
microsoft	edge
Microsoft	Microsoft Edge (EdgeHTML-based)	1.0..0

Exploit Intelligence

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1030 (circl)

Timeline

Aug 14, 2019 CVE Published
Apr 14, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Jan 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 1, 2023 EPSS Score

References

Open in Interactive Console →