cbcvebase.
CVE-2020-1380
published 2020-08-17

CVE-2020-1380: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could…

PriorityP184high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
EPSS
24.19%
97.6th percentile
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

Affected

3 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer_11>= 1.0.0 < publicationpublication
msrcinternet_explorer_11

Detection & IOCsextracted from sources · hover to see the quote

filenamejscript9.dll
hash124FE26D53E2702B42AE07F8AEC5EE4E79E7424BCE6ECDA608536BBF0A7A2377
hashE667F9C109E20900CC8BADD09EDE6CDCE0BDC77164CFD035ACE95498E90D45E7
hash93FFE7CF56FEB3FB541AEF91D3FC04A5CF22DF428DC0B7E5FEB8EDDDC2C72699
hashAD13BB18465D259ACC6E4CEBA24BEFF42D50843C8FD92633C569E493A075FDDC
hashA9EF18B012BD20945BB3533DEEC69D82437BF0117F83B2E9F9E7FACC5AA81255
hash6C1F4FFA63EE7094573B0F6D1BD51255F603BC8958757405C8C998416537D587
hash1366E2AC6365E4B76595A19760438D876E01DB40C60EC3F42849F0218B724F1B
hash0B3E5E2406490DF17A198A8340B103BB331A5277461234F3F90ED257E418C1F8
hash3E0FAEE93F6EF572537735C7F2D82D151C5A21EB30EACC576B3B66320C74FD34
hashDB6CBE4EE82F87008B34D1D4E9AA6EE3C9CCD21CB7A0B60925D5DA8D1295A269
hash3B7FB5EC8180AD74871EB9F5B59E6E98A188CE84BA3BD6ADD9B4BCFCCB80C137
hash52E2B9CBA4E1BEE1EB3ED9D03BC33EADB6C8D6AAC8598679AA95690E587BE7C4
hashF5AD9E32A84DF617ABA3786F19BA7DAB4B4BD8A27627232D3AACE760511AEDF7
hash45C7C36E7E8B832815D8B03651EDC14F864B52E1C599E5336A1AAA0BD47FF3E3
hash522C59BACE844A3D76B674842373DDBF959FC5B352317B024DBF225F536A641E
hash16AB933AD01D73120EE5B764C12057FF7F6DC3063BBC377CDB87419A30532323
hash9D10AC2A2C7C58F1E1D4B745746AA5F0CE699C0DB87CCCA43418435FAA03AD1B
hashC4039CD7DB24158BE51DA9010E6A367F5253F40F007B656407FB69D279732784
hash2A6FE431326ACCAF31EA7CA7CD1214AD5EFCA891619859BCF60671A62C8D81F4
hash258EDBBAC7E78B4F51433807B237FC0ED7F76031795EA48A4FEFB38949F9B3B6
hashA3010F206656752FAD70EF7637947933152E7ADC883B43D0832B2234C8E6F968
hashE037839A3DACC3153754A156136E9EAD2F4C52939FE869B3981C4BB5114202C8
hashF8B80978D4548139E824863DD661E40AF4C2523C3E93547E4F167A749E108280
hashB157BEAC5516D05A014527B3F0FE4B01683CAAC9FFF6608B67A8BA62DF5EF838
hash2384FDA35A293B5F5B32B09E8DC455E7CE40A92D25CD9BACEEAB494785426B46
hash9FF65052FE93A884D7BCE36E87F4DE104839F72F26AF66785B2D98EAB706C816
hash31C936D08E9BA8FDA86844F67363223BDB6A917F530571ABCB3F584874909FEA
hash00F24AC0AD19DC3EE05A112F7650AABA16041020263EA851C90F3C0A61C7EC57
hashB0E5BB79CDFAD284D88BC26DB4289A51F114CC71C928E8A9951DC8C498A243B9
hash095E85EBE2155798FB3A5FBD57196CF377B56FB2176CFF3A776302DCB806237D
hashB36BFF265EE47D31E4C70EE78BADCFCC0DE89643DA61C1BF16BA2D6F36A62936
commandrundll32.exe "%TEMP%\a.dll",a %TEMP%\1.txt
filenameXjs.dll
filenameformat.cfg
filenameconfig.dll
filenamecfg.config

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.07.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa8.8HIGH
vendor_msrc7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.