NVD

Vulnerability Change Records for CVE-2019-1057

Change History

CVE Modified by Microsoft Corporation 5/29/2024 1:15:56 PM

Action

Type

Old Value

New Value

Removed

CVSS V3

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Added

CVSS V3.1

Microsoft Corporation AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Changed

Description

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.
To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.
The update addresses the vulnerability by correcting how the MSXML parser processes user input.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Vulnerability Change Records for CVE-2019-1057

Change History

CVE Modified by Microsoft Corporation 5/29/2024 1:15:56 PM