vulnerability
Microsoft Windows: CVE-2019-0541: MSHTML Engine Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Jan 8, 2019 | Jan 8, 2019 | Sep 5, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Jan 8, 2019
Added
Jan 8, 2019
Modified
Sep 5, 2025
Description
A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.
Solutions
microsoft-windows-windows_10-1507-kb4480962microsoft-windows-windows_10-1607-kb4480961microsoft-windows-windows_10-1703-kb4480973microsoft-windows-windows_10-1709-kb4480978microsoft-windows-windows_10-1803-kb4480966microsoft-windows-windows_10-1809-kb4480116microsoft-windows-windows_server_2016-1607-kb4480961microsoft-windows-windows_server_2019-1809-kb4480116msft-kb2553332-84259651-cff2-4546-8e97-f718a683595emsft-kb2553332-c23a7e38-0ae6-4565-ac68-fcbc0ba37194msft-kb2596760-4879b63f-2743-4384-b834-587a7d5b655cmsft-kb3172522-a5724217-a7d1-4d74-bd6c-d62a1ece86d6msft-kb3172522-fda15612-32c6-47b0-be68-41c17798edcemsft-kb4462112-2e09c2b8-8edc-4423-acd0-f9c19b3b5893msft-kb4480965-2ad3d177-1a14-473e-8d33-d4f5c55d4084msft-kb4480965-3194e5a7-f149-4758-9480-0e99fc0e6632msft-kb4480965-3707710e-c97a-4892-b0be-cef159854419msft-kb4480965-37c32888-98c5-491b-81f3-f9ef2fa9cc19msft-kb4480965-3b85d48f-4c99-465c-9789-6da02c216da0msft-kb4480965-4bff8b97-5446-4c1a-902b-eadf60bf4b96msft-kb4480965-5b6b91e1-3d64-4ca9-84df-a0068112720fmsft-kb4480965-6e62d82e-0852-492d-b77c-41c39460ec6bmsft-kb4480965-792eeae3-0ead-4459-adc3-ef740d453c09msft-kb4480965-9c312528-b2b1-4ad6-a99a-0b8fc9ac021fmsft-kb4480965-aba18d6f-762f-41ab-80af-ba795dd0946cmsft-kb4480965-c5c82fdd-094e-46a5-8e83-223eeccfcca3msft-kb4480965-c901045b-cbab-4b9b-9319-b520746f5fd0msft-kb4480965-faf11c07-2780-4c79-8507-312b67c7e595
References
- BID-106402
- CVE-2019-0541
- https://attackerkb.com/topics/CVE-2019-0541
- CWE-77
- https://support.microsoft.com/help/4480116
- https://support.microsoft.com/help/4480961
- https://support.microsoft.com/help/4480962
- https://support.microsoft.com/help/4480966
- https://support.microsoft.com/help/4480973
- https://support.microsoft.com/help/4480978
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.