Vulnerability CVE-2020-0674


Published: 2020-02-11   Modified: 2020-02-12

Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

See advisories in our WLB2 database:
Topic
Author
Date
High
Internet Explorer 11 Use-After-Free
Tgroup
11.09.2020
High
Microsoft Internet Explorer 11 32-bit Use-After-Free
deadlock
12.02.2021
High
Microsoft Internet Explorer 8/11 Use-After-Free
deadlock
15.05.2021
High
Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll Use-After-Free
deadlock
27.05.2021

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.6/10
10/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674

Copyright 2024, cxsecurity.com

 

Back to Top