CVE-2020-0674: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
First published: Tue Feb 11 2020(Updated: )
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =9 | |
| Microsoft Windows Server 2008 | =sp2 | |
| Microsoft Internet Explorer | =10 | |
| Microsoft Windows Server 2012 | ||
| Microsoft Internet Explorer | =11 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 10 | =1809 | |
| Microsoft Windows 10 | =1903 | |
| Microsoft Windows 10 | =1909 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT 8.1 | ||
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2019 | ||
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html
- http://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.html
- https://github.com/maxpl0it/CVE-2020-0674-Exploit
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-0674.
What software is affected by this vulnerability?
The affected software includes Microsoft Internet Explorer versions 9, 10, and 11.
What is the severity of CVE-2020-0674?
The severity of CVE-2020-0674 is high, with a severity value of 7.5.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is 416.
Are there any references for this vulnerability?
Yes, there are references available for this vulnerability at the following links: [reference 1], [reference 2], [reference 3].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/9
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/sp2
- version/microsoft internet explorer/10
- canonical/microsoft windows server 2012
- version/microsoft internet explorer/11
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- version/microsoft windows 10/1809
- version/microsoft windows 10/1903
- version/microsoft windows 10/1909
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt 8.1
- version/microsoft windows server 2008/r2-sp1
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2019