Remote Code Execution Vulnerability in Microsoft Browsers
CVE-2020-1219

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Chakracore; Microsoft Edge (edgehtml-based) On Windows 10 Version 2004 For 32-bit Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 2004 For X64-based Systems; Microsoft Edge (edgehtml-based) On Windows 10 Version 2004 For Arm64-based Systems
Vendor: CVE Published:; 9 June 2020

Summary

This vulnerability arises from improper handling of objects in memory within Microsoft browsers, which can potentially allow an attacker to execute arbitrary code on the affected system. Successful exploitation requires an attacker to trick the user into visiting a malicious website. This issue underscores the importance of keeping browser software updated to mitigate risks associated with memory corruption vulnerabilities.

Affected Version(s)

ChakraCore = unspecified

Internet Explorer 11 Windows 10 Version 1803 for 32-bit Systems

Internet Explorer 11 Windows 10 Version 1803 for x64-based Systems

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-20-698/

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Nov 4, 2019