⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2020-0674

21 documents12 sources

7.5

CVSS

HIGH

EPSS93.6%(100th)

CISA KEVPublic ExploitExploited in Wild

CISA Required Action: Apply updates per vendor instructions.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages11 packages

▶NVDmicrosoft/internet_explorer10, 11, 9+2

▶CVEListV5microsoft/internet_explorer_9Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

▶CVEListV5microsoft/internet_explorer_10Windows Server 2012

▶CVEListV5microsoft/internet_explorer_1122 versions+21

▶CVEListV5microsoft/internet_explorer_11_on_windows_server_2012unspecified

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

NVD ↗MITRE ↗Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-35jh-2r79-5r66: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin↗2022-05-24

▶

GHSA

ChakraCore RCE Vulnerability↗2022-05-24

▶

Project0

Déjà vu-lnerability - Project Zero↗2021-02-01

▶

Project0

Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero↗2020-07-01

▶

CVEList

CVE-2020-0674: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engin↗2020-02-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free↗2021-05-13

▶

Exploit-DB

Microsoft Internet Explorer 11 32-bit - Use-After-Free↗2021-02-08

▶

Exploit-DB

Microsoft Internet Explorer 11 - Use-After-Free↗2020-11-17

▶

📋Vendor Advisories

CISA

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability↗2021-11-03

▶

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2020-02-11

▶

🕵️Threat Intelligence

Krebs

Microsoft Patch Tuesday, February 2020 Edition↗2020-02-11

▶

Trendmicro

Microsoft veröffentlicht Advisory zu Zero-Day-Lücke↗2020-01-20

▶