Vulnerability Details CVE-2020-0674
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.936
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 7.6
Proposed Action
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html
- https://github.com/maxpl0it/CVE-2020-0674-Exploit
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
- http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html
- https://github.com/maxpl0it/CVE-2020-0674-Exploit
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0674
Products affected by CVE-2020-0674
-
cpe:2.3:a:microsoft:internet_explorer:10
-
cpe:2.3:a:microsoft:internet_explorer:11
-
cpe:2.3:a:microsoft:internet_explorer:9
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_10_1709:-
-
cpe:2.3:o:microsoft:windows_10_1803:-
-
cpe:2.3:o:microsoft:windows_10_1809:-
-
cpe:2.3:o:microsoft:windows_10_1903:-
-
cpe:2.3:o:microsoft:windows_10_1909:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_server_2016:-
-
cpe:2.3:o:microsoft:windows_server_2019:-