Critical Internet Explorer Vulnerability (CVE-2020-1380)

Critical Internet Explorer Vulnerability (CVE-2020-1380)

A remote code execution vulnerability exists in handling objects in the scripting engine of Internet Explorer.

Overview

Critical Internet Explorer Vulnerability (CVE-2020-1380): “A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Memory Corruption Vulnerability.”

Description

A remote code execution vulnerability (CVE-2020-1380) exists in the way that the scripting engine handles objects in memory in Internet Explorer. This recent vulnerability could allow a remote attacker to execute arbitrary code in the context of the current user.

The vulnerability stems from a fault in the way that the scripting engine handles objects in memory in Internet Explorer, affecting many MS Windows 10 and Server versions. CVE-2020-1380 is being actively exploited in the wild and it is highly recommended that the systems are updated/patched immediately.

The vulnerability allows attackers to conduct web-based attacks by convincing the user to view a specially crafted website that is designed to exploit the vulnerability within Internet Explorer. Attackers could also infect the previously compromised websites to contain specially crafted content that could exploit the vulnerability. 

Impact

An authenticated remote attacker can execute arbitrary code in the targeted systems, allowing the threat actor to gain the same user rights as the current user. This means that, if an attacker exploits a vulnerable machine while the current logged in user has administrative user rights, then the attacker can take full control of the system. 

Impact Summary

Category: Remote Code Execution
CVSS 3.1 Base Score: 7.5 High
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Solution (Update)

To defend against possible attacks due to this critical Internet Explorer vulnerability (CVE-2020-1380), vulnerable MS Windows 10 and Server versions needs to be updated/patched in line with the Microsoft Security Update Guide.

Quote by Bruce Schneier
Quote by Bruce Schneier

I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually ‘Nothing; you’re screwed’.

Bruce Schneier

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?