CVE-2019-0541
Summary
| CVE | CVE-2019-0541 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-01-08 21:29:00 UTC |
| Updated | 2020-09-28 12:58:00 UTC |
| Description | A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus. |
Risk And Classification
EPSS: 0.833940000 probability, percentile 0.992680000 (date 2026-04-01)
CISA KEV: Listed on 2021-11-03; due 2022-05-03; ransomware use Unknown
Problem Types: CWE-77
CISA Known Exploited Vulnerability
| Vendor | Microsoft |
|---|---|
| Product | MSHTML |
| Name | Microsoft MSHTML Remote Code Execution Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2019-0541 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Excel Viewer | 2007 | sp3 | All | All |
| Application | Microsoft | Excel Viewer | 2007 | sp3 | All | All |
| Application | Microsoft | Internet Explorer | 10 | All | All | All |
| Application | Microsoft | Internet Explorer | 11 | All | All | All |
| Application | Microsoft | Internet Explorer | 9 | All | All | All |
| Application | Microsoft | Internet Explorer | 10 | All | All | All |
| Application | Microsoft | Internet Explorer | 11 | All | All | All |
| Application | Microsoft | Internet Explorer | 9 | All | All | All |
| Application | Microsoft | Office | 2010 | sp2 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office | 2010 | sp2 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2013 | sp1 | All | All |
| Application | Microsoft | Office | 2016 | All | All | All |
| Application | Microsoft | Office | 2019 | All | All | All |
| Application | Microsoft | Office 365 Proplus | - | All | All | All |
| Application | Microsoft | Office 365 Proplus | - | All | All | All |
| Application | Microsoft | Office Word Viewer | - | All | All | All |
| Application | Microsoft | Office Word Viewer | - | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1703 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1703 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2016 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541 | CONFIRM | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| Microsoft Windows MSHTML Engine - 'Edit' Remote Code Execution - Windows local Exploit | EXPLOIT-DB | www.exploit-db.com | Exploit, Third Party Advisory, VDB Entry |
| Microsoft Internet Explorer CVE-2019-0541 Remote Code Execution Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.