Lucene search

K
attackerkbAttackerKBAKB:B5D126FE-9266-41E6-A40B-09FF5B27A5A5
HistoryFeb 13, 2020 - 12:00 a.m.

CVE-2020-0674: Internet Explorer Scripting Engine Memory Corruption Vulnerability

2020-02-1300:00:00
attackerkb.com
41

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

A remote code execution vulnerability exists in some versions of Internet Explorer. An attacker who is able to convince a user to visit a malicious or compromised website may be able to execute code on the affected system, with the same permissions as the user.

The vulnerability affects IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, and IE 11 on all other supported versions of Windows.

Recent assessments:

wvu-r7 at January 24, 2020 12:34am UTC reported:

An Edge vuln might be more valuable, but plenty of people still use IE. Last I heard, there was no known PoC. Perhaps only Google and Qihoo 360 have seen these “attacks in the wild.”

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C