CVE-2020-1062
Published 2020-05-21
CVE-2020-1062: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption…
Priority P347 · high · 7.5 · CVSS 3.1
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 14.25% (96.1th percentile)
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.
Affected
35 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11_on_windows_10_version_1903_for_32-bit_systems | — | — |
CVSS provenance
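| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 6.4 | MEDIUM | — |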
GHSA
GHSA-mhp3-gwmq-pprx: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-1092 [HIGH] CWE-119 GHSA-mhp3-gwmq-pprx: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.
GHSA
GHSA-x3jh-vmwp-wc2j: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vu
ghsa_unreviewed·2022-05-24·CVSS 7.5
CVE-2020-1062 [HIGH] CWE-119 GHSA-x3jh-vmwp-wc2j: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vu
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.
Microsoft
Internet Explorer Memory Corruption Vulnerability
vendor_msrc·2020-05-12·CVSS 6.4
CVE-2020-1062 [HIGH] Internet Explorer Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to vie
No detection rules found.
No public exploits indexed.
Trendmicro
Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
blogs_trendmicro·2020-05-13·CVSS 8.8
[HIGH] Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
Exploits & Vulnerabilities
# Patch Tuesday: More Fixes for SharePoint, TLS, Runtime
This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important.
By: Trend Micro
2020/05/13
Updated on May 20, 2020, 1:45 P.M. PST to include additional Trend Micro solutions.
This month’s Patch Tuesday includes 111 fixes for Microsoft. Of the 111 vulnerabilities, 16 have been rated Critical while the rest have been ranked Important. Four of the vulnerabilities rated as Important for this release were disclosed by the Zero Day Initiative (ZDI): two for remote code execution (RCE) and two for escalation of privileges. Other updates include a few fixes for security flaws for
Talos
Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-05-12·CVSS 9.8
CVE-2020-0901 [CRITICAL] Microsoft Patch Tuesday — May 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 111 vulnerabilities. Fifteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each.
Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s security update also covers security issues in a variety of Microsoft services and software, including SharePoint, Media Foundation and the Chakra scripting engine.
Talos also released a new set of SNORT® rules that provide coverage for some of these vulnerabilities. For more, check out the full Snort rule
Zscaler
Zscaler found New Security Vulnerabilities | 5-13-2020
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found New Security Vulnerabilities | 5-13-2020
Bugzilla
CVE-2005-3388 PHP phpinfo() XSS attack
bugzilla·2005-11-01·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 PHP phpinfo() XSS attack
+++ This bug was initially created as a clone of Bug #172212 +++
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
http://www.hardened-php.net/advisory_182005.77.html
This issue should also affect FC3
Discussion:
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
---
FEDORA-2020-fb144e7de5 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5
---
FEDORA-2020-fb144e7de5 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enabl