Date du conseil: 14 août 2019

  Description

Microsoft addresses vulnerabilities in its August security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2019-1196 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1139 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1140 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1141 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1195 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1197 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1201 - Microsoft Word Remote Code Execution Vulnerability
    Risk Rating: Critical

    This remote code execution vulnerability exists in the improper handling of objects in memory by Microsoft Word. Attackers looking to exploit this vulnerability may create a specially crafted file that contains an exploit to this vulnerability.


  Information Exposure Rating:

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2019-1140 1009905 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1140) 13-Aug-19 YES
CVE-2019-1141 1009906 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1141) 13-Aug-19 YES
CVE-2019-1196 1009903 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1196) 13-Aug-19 YES
CVE-2019-1195 1009907 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1195) 13-Aug-19 YES
CVE-2019-1139 1009904 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1139) 13-Aug-19 YES
CVE-2019-1201 1009909 Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201) 13-Aug-19 YES
CVE-2019-1197 1009908 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1197) 13-Aug-19 YES