CVE-2020-0968
CVE-2020-0968
Vexday Risk Score
63High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5EPSS 30.0%KEV simPoC —Nuclei —Metasploit —Patch —
Lifecycle
15 Apr 2020Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
Internet Explorer's scripting engine improperly handles objects in memory, allowing attackers to execute arbitrary code remotely by tricking users into visiting malicious websites.
Technical detail
A buffer overflow (CWE-787) in Internet Explorer's scripting engine enables remote code execution through crafted web content. Exploitation requires user interaction (visiting a malicious webpage) and results in arbitrary code execution with the privileges of the affected user.
Summary generated and translated by AI from the official description.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft · Internet Explorer 11Microsoft · Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for 32-bit SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based SystemsMicrosoft · Internet Explorer 11 on Windows 10 Version 1909 for x64-based SystemsMicrosoft · Internet Explorer 11 on Windows Server 2012Microsoft · Internet Explorer 9Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →