CVE-2020-0674
Summary
| CVE | CVE-2020-0674 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-11 22:15:00 UTC |
| Updated | 2022-01-01 19:51:00 UTC |
| Description | A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. |
Risk And Classification
EPSS: 0.936380000 probability, percentile 0.998390000 (date 2026-04-01)
CISA KEV: Listed on 2021-11-03; due 2022-05-03; ransomware use Unknown
Problem Types: CWE-416
CISA Known Exploited Vulnerability
| Vendor | Microsoft |
|---|---|
| Product | Internet Explorer |
| Name | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2020-0674 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Microsoft | Internet Explorer | 10 | All | All | All |
| Application | Microsoft | Internet Explorer | 11 | - | All | All |
| Application | Microsoft | Internet Explorer | 9 | All | All | All |
| Application | Microsoft | Internet Explorer | 10 | All | All | All |
| Application | Microsoft | Internet Explorer | 11 | - | All | All |
| Application | Microsoft | Internet Explorer | 9 | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1903 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1909 | All | All | All |
| Operating System | Microsoft | Windows 10 | - | All | All | All |
| Operating System | Microsoft | Windows 10 | 1607 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1709 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1803 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1903 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1909 | All | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 7 | - | sp1 | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Rt 8.1 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2008 | - | sp2 | All | All |
| Operating System | Microsoft | Windows Server 2008 | r2 | sp1 | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2012 | r2 | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
| Operating System | Microsoft | Windows Server 2019 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674 | MISC | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| GitHub - maxpl0it/CVE-2020-0674-Exploit: This is an exploit for CVE-2020-0674 that runs on the x64 version of IE 8, 9, 10, and 11 on Windows 7. | MISC | github.com | Exploit, Third Party Advisory |
| Microsoft Internet Explorer 11 Use-After-Free ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Microsoft Internet Explorer 11 Use-After-Free ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit, Third Party Advisory, VDB Entry |
| Microsoft Internet Explorer 8/11 Use-After-Free ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.