CVE-2019-0541

CVE Database · CVE-2019-0541

CVE-2019-0541

· HIGHAnalyzed

CVSS v3.1

8.8

EPSS

53.20%

Published

Jan 8, 2019

Modified

Oct 29, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows MSHTML Engine - 'Edit' Remote Code Execution TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-77

Affected Products (35)

microsoft · internet_explorervulnerable

microsoft · windows_10_1507

microsoft · windows_10_1607

microsoft · windows_10_1703

microsoft · windows_10_1709

microsoft · windows_10_1803