INTERNET EXPLORER REMOTE CODE EXECUTION VULNERABILITY

Reference:
Advisory #2020-027

Version:
1.0

Affected software:
Internet Explorer version 11

Type:
Remote code execution

CVE/CVSS:
CVE-2020-1380

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380 https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/

Risks

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. The attacker could exploit this vulnerability to take control of an affected system.

Description

A remote code execution (RCE) bug resides in the scripting engine's library jscript9.dll, which is used by default by all versions of Internet Explorer since IE9. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.

The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. They could embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine.

Researchers & Microsoft confirmed the exploitation of this vulnerability that is currently being exploited in active attacks.

Recommended Actions

CERT.be recommends users to always keep their systems up to date.

These updates are available through windows update or via the following link: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380

References