Cyber Resilience

CVE-2020-0878

MediumCISA KEVActive ExploitationEUVD ExploitedRansomware-linked

Published: 11 September 2020

Published
11 September 2020
Modified
23 February 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 4.2 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score 0.0527 90.2th percentile
Risk Priority 32 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-0878 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Internet Explorer. Its CVSS base score is 4.2 (Medium).

Operationally, ranked in the top 9.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A remote code execution vulnerability exists in Microsoft browsers due to improper handling of objects in memory. Successful exploitation can corrupt memory and allow an attacker to execute arbitrary code in the context of the current user, potentially leading to full system compromise if the user has administrative rights. The issue is tracked under CWE-787 and carries a CVSS score of 4.2.

An attacker can exploit the flaw by hosting a specially crafted website and convincing a user to visit it, often through email, instant messaging, or compromised sites that serve malicious content or ads. No user action beyond viewing the page is forced, but the attacker must rely on social engineering to succeed. Once exploited, the attacker gains the same privileges as the logged-in user.

The official security update mitigates the vulnerability by changing how Microsoft browsers handle objects in memory, as described in the Microsoft Security Response Center advisory. The CVE is referenced in the CISA Known Exploited Vulnerabilities catalog.

EU & UK References

Vulnerability details

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.…

more

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers, and then convince a user to view the website. The attacker could also take advantage of compromised websites, or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability. In all cases, however, an attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically via an enticement in email or instant message, or by getting them to open an email attachment.</p> <p>The security update addresses the vulnerability by modifying how Microsoft browsers handle objects in memory.</p>

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
internet explorer
11, 9
microsoft
edge
all versions
microsoft
chakracore
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor security update that modifies browser object-in-memory handling to eliminate the root cause of CVE-2020-0878.

prevent

Mandates memory-protection mechanisms that mitigate the exact class of memory-corruption flaw (CWE-787) exploited by this browser RCE.

preventdetect

Requires malicious-code detection and blocking controls that can stop or alert on the specially crafted web content used to trigger the vulnerability.

References