Critical Internet Explorer Vulnerability (CVE-2020-1380)

Contents of The Article hide

5 References to Advisories, Solutions and Tools

Overview

Critical Internet Explorer Vulnerability (CVE-2020-1380): “A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka Scripting Engine Memory Corruption Vulnerability.”

Description

A remote code execution vulnerability (CVE-2020-1380) exists in the way that the scripting engine handles objects in memory in Internet Explorer. This recent vulnerability could allow a remote attacker to execute arbitrary code in the context of the current user.

The vulnerability stems from a fault in the way that the scripting engine handles objects in memory in Internet Explorer, affecting many MS Windows 10 and Server versions. CVE-2020-1380 is being actively exploited in the wild and it is highly recommended that the systems are updated/patched immediately.

The vulnerability allows attackers to conduct web-based attacks by convincing the user to view a specially crafted website that is designed to exploit the vulnerability within Internet Explorer. Attackers could also infect the previously compromised websites to contain specially crafted content that could exploit the vulnerability.

Impact

An authenticated remote attacker can execute arbitrary code in the targeted systems, allowing the threat actor to gain the same user rights as the current user. This means that, if an attacker exploits a vulnerable machine while the current logged in user has administrative user rights, then the attacker can take full control of the system.

Impact Summary

Category: Remote Code Execution
CVSS 3.1 Base Score: 7.5 High
CVSS 3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Solution (Update)

To defend against possible attacks due to this critical Internet Explorer vulnerability (CVE-2020-1380), vulnerable MS Windows 10 and Server versions needs to be updated/patched in line with the Microsoft Security Update Guide.

Quote by Bruce Schneier — Quote by *Bruce Schneier*

I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually ‘Nothing; you’re screwed’.
Bruce Schneier

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Critical Internet Explorer Vulnerability (CVE-2020-1380)

Overview

Description

Impact

Solution (Update)

References to Advisories, Solutions and Tools

Zero-Day Vulnerabilities in Google Chrome in 2022

Microsoft Patches 55 CVEs and 6 Zero-Days with November 2021 Updates

Static SSH Keys Vulnerability in Cisco Policy Suite (CVE-2021-40119)

Multiple Vulnerabilities on Cisco Catalyst PON Series Switches (CVE-2021-34795, CVE-2021-40113)

Google Patches 2 Zero-Days in Chrome Browser (CVE-2021-38000, CVE-2021-38003)