Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2020-0830

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 1803 For Arm64-based Systems
Vendor: CVE Published:; 12 March 2020

What is CVE-2020-0830?

A remote code execution vulnerability has been identified in the way Microsoft browsers' scripting engine handles objects in memory. Attackers leveraging this vulnerability could execute arbitrary code on the system, potentially leading to unauthorized access and data compromise. The issue is particularly critical for users who visit malicious websites or open malicious content, as it may allow attackers to take control of the affected system. To mitigate risk, users are advised to apply security updates provided by Microsoft.

Affected Version(s)

ChakraCore = unspecified

Internet Explorer 11 Windows 10 Version 1803 for 32-bit Systems

Internet Explorer 11 Windows 10 Version 1803 for x64-based Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2020
Vulnerability Reserved
Nov 4, 2019

JSON