← back
CVE-2020-0674

CVE-2020-0674

CVSS 7.5 HIGHEPSS 86.9%● KEVCWE-416
In short

Internet Explorer has a memory handling flaw that allows attackers to run harmful code on your computer when you visit a malicious website. The vulnerability exists in how the browser processes scripts, and exploiting it can give attackers full control of your system.

Technical detail

A use-after-free vulnerability (CWE-416) in Internet Explorer's scripting engine allows remote code execution when a specially crafted web page is visited. The attack requires user interaction (visiting a malicious site) and can result in arbitrary code execution with the privileges of the logged-in user.

Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 10Microsoft · Internet Explorer 11Microsoft · Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows Server 2012Microsoft · Internet Explorer 9
public PoCs found9
githubgithub.com/maxpl0it/CVE-2020-0674-Exploit223githubgithub.com/Neko-chanQwQ/CVE-2020-0674-PoC1githubgithub.com/Micky-Thongam/Internet-Explorer-UAF0githubgithub.com/Ken-Abruzzi/CVE-2020-06740cve_referencepacketstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49863unverifiedcve_referencepacketstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.htmlunverifiedcve_referencepacketstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49062unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.htmlhttp://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.htmlhttp://packetstormsecurity.com/files/162565/Microsoft-Internet-Explorer-8-11-Use-After-Free.htmlhttps://github.com/maxpl0it/CVE-2020-0674-Exploithttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0674