CVE-2020-0674

Description from NVD

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Information Acquisition Date:2021-04-27T10:39Z
CVSS 2.0: 7.6 HIGH CVSS 3.x: 7.5 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:H/Au:N/C:C/I:C/A:C

NVD References

 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
     source:MISC
     tags:Patch    Vendor Advisory    
 https://github.com/maxpl0it/CVE-2020-0674-Exploit
     source:MISC
     tags:Exploit    Third Party Advisory    
 http://packetstormsecurity.com/files/159137/Microsoft-Internet-Explorer-11-Use-After-Free.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/161309/Microsoft-Internet-Explorer-11-Use-After-Free.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    

Description from Forti

Microsoft: Scripting Engine Memory Corruption Vulnerability

This indicates an attack attempt to exploit a Memory Corruption Vulnerability in Microsoft Internet Explorer.The vulnerability is due to an error when the vulnerable software attempts to handle a maliciously crafted web page. An attacker can exploit this by tricking a user into visiting a malicious webpage and execute arbitrary code within the context of the application.

Information Acquisition Date:2020/05/01

Affected Products

Internet Explorer 10 Windows Server 2012
Internet Explorer 11 Windows 10 Version 1803 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1803 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1803 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1809 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1809 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1809 for ARM64-based Systems
Internet Explorer 11 Windows Server 2019
Internet Explorer 11 Windows 10 Version 1909 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1909 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1909 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1709 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1709 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1709 for ARM64-based Systems
Internet Explorer 11 Windows 10 Version 1903 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1903 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1903 for ARM64-based Systems
Internet Explorer 11 Windows 10 for 32-bit Systems
Internet Explorer 11 Windows 10 for x64-based Systems
Internet Explorer 11 Windows 10 Version 1607 for 32-bit Systems
Internet Explorer 11 Windows 10 Version 1607 for x64-based Systems
Internet Explorer 11 Windows Server 2016
Internet Explorer 11 Windows 7 for 32-bit Systems Service Pack 1
Internet Explorer 11 Windows 7 for x64-based Systems Service Pack 1
Internet Explorer 11 Windows 8.1 for 32-bit systems
Internet Explorer 11 Windows 8.1 for x64-based systems
Internet Explorer 11 Windows RT 8.1
Internet Explorer 11 Windows Server 2008 R2 for x64-based Systems Service Pack 1
Internet Explorer 11 Windows Server 2012
Internet Explorer 11 Windows Server 2012 R2
Internet Explorer 9 Windows Server 2008 for 32-bit Systems Service Pack 2
Internet Explorer 9 Windows Server 2008 for x64-based Systems Service Pack 2

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://alerts.vulmon.com/l/Bg254
https://lists.astaro.com/ASGV9-IPS-rules.html50
http://newsbythehour.org/cybr20
https://www.exploit-db.com12
https://vfeed.io4
https://twitter.com/search?src=sprv&q=CVE-2020-06744
https://portal.msrc.microsoft.com/en-US/security-guidance/a...4
https://github.com/maxpl0it/CVE-2020-0674-Exploit3
https://www.snort.org/rule_docs/1-487023
https://blog.snort.org/2020/02/snort-rule-update-for-feb-11...3
https://fortiguard.com/encyclopedia/ips/486893
https://www.mcafee.com/enterprise/en-us/assets/release-note...3
https://blogs.jpcert.or.jp/ja/2020/04/ie_firefox_0day.html3
https://www.checkpoint.com/defense/advisories/public/2020/c...3
https://www.proofpoint.com/us/daily-ruleset-update-summary-...3
http://www.watchguard.com/SecurityPortal/ThreatDetail.aspx?...3

Information from Twitter

User URL Info Source Date
No Data

List of frequently cited URLs

URLNum of Times Referred to
alerts.vulmon.com254
lists.astaro.com50
newsbythehour.org20
www.exploit-db.com12
vfeed.io4
twitter.com4
portal.msrc.microsoft.com4
github.com3
www.snort.org3
blog.snort.org3
fortiguard.com3
www.mcafee.com3
blogs.jpcert.or.jp3
www.checkpoint.com3
www.proofpoint.com3
www.watchguard.com3

Information from Twitter

User URL Info Source
No Data
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2022/03/27 Score : 1
Added Har-sia Database : 2020/02/04
Last Modified : 2022/03/27
Highest Scored Date : 2020/04/02
Highest Score : 44