Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (ADV200001)

Published: 2020-01-27 08:06:02
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C

Summary:
This host is missing a critical security update according to Microsoft advisory ADV200001.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
The flaw is due to the way that the scripting engine handles objects in memory in Internet Explorer.

Impact:
Successful exploitation will allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user and execute arbitrary code.

Affected Versions:
Internet Explorer 9, 10 and 11

Recommendations:
As a workaround restrict access to JScript.dll.

Solution Type:
Workaround

Detection Type:
Executable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2020-0674

References:

https://support.microsoft.com/en-us/help/4534251
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001

Search
Severity
High
CVSS Score
7.6

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.