7.6
CVSSv2

CVE-2020-0674

Published: 11/02/2020 Updated: 12/02/2020
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

Microsoft Internet Explorer could allow a remote malicious user to execute arbitrary code on the system, caused by improper handling of objects in memory by the scripting engine. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.

Vulnerability Trend

Affected Products

Vendor Product Versions
MicrosoftInternet Explorer9, 10, 11

Recent Articles

Windows 10 Gets Temp Fix for Critical Security Vulnerability
BleepingComputer • Ionut Ilascu • 21 Feb 2020

Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it.
For the remote code execution vulnerability in Internet Explorer 9/10/11 tracked as CVE-2020-0674, though, there is available a temporary third-party fix.
There is information that this vulnerability has been exploited in the wild in limited targeted attacks, which makes it more concerning to c...

Windows 10 Gets Temp Patch for Critical Flaw Fixed In Buggy Update
BleepingComputer • Ionut Ilascu • 21 Feb 2020

Until Microsoft releases a permanent solution for the troublesome KB4532693 update, enterprises with Windows 10 1903 and 1909 are forced to delay applying the security fixes that come with it.
For the remote code execution vulnerability in Internet Explorer 9/10/11 tracked as CVE-2020-0674, though, there is available a temporary third-party fix.
There is information that this vulnerability has been exploited in the wild in limited targeted attacks, which makes it more concerning to c...

Microsoft Patch Tuesday – February 2020
Symantec Threat Intelligence Blog • Preethi Koroth • 12 Feb 2020

This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.

Posted: 12 Feb, 202024 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday – February 2020This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.

As always, customers are advised to follow these security best practices:


Install vendor patches as soon as they are available.
Run all so...

Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws
welivesecurity • Tomáš Foltýn • 12 Feb 2020

This month’s Patch Tuesday is here and with it come fixes for no fewer than 99 security vulnerabilities in Windows and other Microsoft software.
Twelve flaws have received the highest severity ranking of “critical”, while 5 security holes are listed as publicly known at the time of release.
In fact, one vulnerability ticks both boxes – an actively exploited zero-day in Internet Explorer (IE). Microsoft disclosed this flaw, indexed as CVE-2020-0674, three weeks ago but didn’...

If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
The Register • Shaun Nichols in San Francisco • 11 Feb 2020

Meanwhile, we're still squashing bugs in Adobe Flash Player... plus stuff from Intel and SAP

Patch Tuesday It's going to be a busy month for IT administrators as Microsoft, Intel, Adobe, and SAP have teamed up to deliver a bumper crop of security fixes for Patch Tuesday.
Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities.
These included CVE-2020-0674, a remote code execution flaw in Internet Explorer's Trident rendering engine that is already being exploited in the wild. This hole would typic...

Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
Threatpost • Tara Seals • 11 Feb 2020

Microsoft has issued one of its largest Patch Tuesday updates for the shortest month of the year, addressing 99 security vulnerabilities across a range of products. Twelve of the bugs are listed as critical – and the rest are rated as being important.
The update includes a patch for the zero-day memory-corruption vulnerability disclosed in late January that’s under active attack. The bug tracked as CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote co...

Microsoft Patches Actively Exploited Internet Explorer Zero-Day
BleepingComputer • Sergiu Gatlan • 11 Feb 2020

Microsoft released security updates to patch an actively exploited zero-day remote code execution (RCE) vulnerability impacting multiple versions of Internet Explorer.
In the middle of January 2020, Microsoft released an advisory about an Internet Explorer zero-day vulnerability (CVE-2020-0674) that was publicly disclosed and being actively exploited by attackers.
The flaw, reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360, "could corrupt ...

Microsoft Zero-Day Actively Exploited, Patch Forthcoming
Threatpost • Tara Seals • 21 Jan 2020

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available.
The bug (CVE-2020-0674) which is listed as critical in severity for IE 11, and moderate for IE 9 and IE 10, exists in the way that the jscript.dll scripting engine handles objects in memory in the browser, according to Microsoft’s advisory, issued Friday.
The vulnerability could...

Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
BleepingComputer • Sergiu Gatlan • 21 Jan 2020

A micropatch implementing Microsoft's workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released.
Microsoft's advisory says that the company is aware of "limited targeted attacks" targeting the flaw tracked as CVE-2020-0674.
The vulnerability, reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360, "could co...

New Internet Explorer zero‑day remains unpatched
welivesecurity • Tomáš Foltýn • 20 Jan 2020

Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks.
The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system.
The remote-code execution (RCE) security hole affects IE versions 9, 10 and 11 ru...

It's Friday, the weekend has landed... and Microsoft warns of an Internet Explorer zero day exploited in the wild
The Register • Shaun Nichols in San Francisco • 18 Jan 2020

Plus, WeLeakInfo? Not anymore!

Roundup Welcome to another Reg roundup of security news.
Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet Explorer. The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and thus far there is no patch available.
"Microsoft is aware of this vulnera...

Microsoft Issues Mitigation for Actively Exploited IE Zero-Day
BleepingComputer • Sergiu Gatlan • 17 Jan 2020

Update January 17: Microsoft says that the vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360.
Update January 19: This vulnerability is now tracked as CVE-2020-0674.
Microsoft published a security advisory containing mitigation measures for an actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer.
Redmond's advisory says that the company is aware of "limited targeted atta...

Microsoft's February 2020 Patch Tuesday Fixes 99 Flaws, IE 0day
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Today is Microsoft's February 2020 Patch Tuesday and also the first time Windows 7 users will not receive free security updates. Be nice to your Windows administrators today!
With the release of the February 2020 security updates, Microsoft has released one advisory for Flash Player and fixes for 99 vulnerabilities in Microsoft products. Of these vulnerabilities, 10 are classified as Critical, 87 as Important, and 2 as Moderate.
Included in this release is a security update for the ...

Microsoft's IE Zero-day Fix is Breaking Windows Printing
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users.
On January 17th, 2020, Microsoft disclosed a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9 that was being used in "limited targeted attacks".
To exploit this vulnerability, attackers can create a specially crafted web site that when visited in Internet Explorer will remotely...

Windows 10 KB4535996 Update Fixes Search, Printing Issues
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Microsoft has released the KB4535996 cumulative update for Windows 10 1903 and Windows 10 1909 that introduces a variety of quality improvements and bug fixes.
In this cumulative update, Microsoft states that they have resolved network printing issues some users are experiencing after installing a security update for the CVE-2020-0674 vulnerability in Internet Explorer.
Microsoft has also stated that this update resolves Windows Search issues such as no results showing or the s...