Unrated severityCISA KEVNVD Advisory· Published Jan 8, 2019· Updated Oct 21, 2025

CVE-2019-0541

Description

A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.

Affected products

Microsoft/Officev5
Range: 365 ProPlus for 32-bit Systems
Microsoft/Internet Explorer 10v5
Range: Windows Server 2012
Microsoft/Internet Explorer 11v5
Range: Windows 10 for 32-bit Systems
Microsoft/Internet Explorer 9v5
Range: Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft/Microsoft Excel Viewerv5
Range: 2007 Service Pack 3
Microsoft/Microsoft Officev5
Range: 2010 Service Pack 2 (32-bit editions)
Microsoft/Microsoft Office Word Viewerv5
Range: Microsoft Office Word Viewer

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46536/mitreexploitx_refsource_EXPLOIT-DB
www.securityfocus.com/bid/106402mitrevdb-entryx_refsource_BID
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0541mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000