CVE-2020-0968
Published: 15 April 2020
Summary
CVE-2020-0968 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Microsoft Windows 10 1709. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 2.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).
Deeper analysis
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, tracked as CVE-2020-0968 and also known as the Scripting Engine Memory Corruption Vulnerability. It is distinct from CVE-2020-0970 and is associated with CWE-787. The issue received a CVSS 3.1 score of 7.5, reflecting network attack vector, high attack complexity, no required privileges, and required user interaction.
An attacker can exploit the flaw over the network by supplying specially crafted content that triggers memory corruption when processed by the scripting engine in Internet Explorer. Successful exploitation grants the ability to execute arbitrary code with the privileges of the current user, potentially leading to full confidentiality, integrity, and availability impacts on the affected system.
Microsoft security advisories at the referenced MSRC portal provide official guidance and patches for the vulnerability. The CISA Known Exploited Vulnerabilities catalog entry confirms that the issue has been observed in active exploitation, underscoring the need for prompt application of available updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-2436
Vulnerability details
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.
- CWE(s): CWE-787 (Out-of-bounds Write)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of vendor patches to remediate the known scripting-engine memory-corruption flaw before exploitation succeeds.
Restricts or sandboxes the execution of mobile code (scripts) processed by Internet Explorer, blocking the specially crafted content that triggers the RCE.
Enforces least functionality by disabling or limiting scripting features and unnecessary IE components that the attacker relies on to reach the vulnerable engine.