Advisory Date: 10 July 2019

  DESCRIPTION

Microsoft addresses vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:

  • CVE-2019-1001 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1004 - Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1062 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1063 - Internet Explorer Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the handling of objects in memory by Internet Explorer. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1092 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability.


  • CVE-2019-1103 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability.


  • CVE-2019-1104 - Microsoft Browser Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the improper handling of objects in memory by Microsoft browsers. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability.


  • CVE-2019-1106 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user.


  • CVE-2019-1107 - Chakra Scripting Engine Memory Corruption Vulnerability
    Risk Rating: Critical

    This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user.


  • CVE-2019-1112 - Microsoft Excel Information Disclosure Vulnerability
    Risk Rating: Important

    This information disclosure vulnerability exists in the disclosure of memory contents by Microsoft Excel. Attackers looking to exploit this vulnerability may host a specially crafted file that contains an exploit to this vulnerability.


  INFORMATION EXPOSURE

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.

Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection Compatibility
CVE-2019-1001 1009839 Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-1001) 09-Jul-19 YES
CVE-2019-1004 1009837 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1004) 09-Jul-19 YES
CVE-2019-1062 1009843 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1062) 09-Jul-19 YES
CVE-2019-1063 1009836 Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-1063) 09-Jul-19 YES
CVE-2019-1103 1009840 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1103) 09-Jul-19 YES
CVE-2019-1104 1009838 Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2019-1104) 09-Jul-19 YES
CVE-2019-1106 1009841 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) 09-Jul-19 YES
CVE-2019-1112 1009835 Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1112) 09-Jul-19 YES
CVE-2019-0698 1009798 Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) 09-Jul-19 NO