CVE-2020-0674

CVE Database · CVE-2020-0674

CVE-2020-0674

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

86.86%

Published

Feb 11, 2020

Modified

Oct 29, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (7)

All weaponized →

Exploit-DBMicrosoft Internet Explorer 11 - Use-After-Free Exploit-DBMicrosoft Internet Explorer 11 and WPAD service 'Jscript.dll' - Use-After-Free TrickestTrickest PoC index GitHub PoCmaxpl0it/CVE-2020-0674-Exploit★223 GitHub PoCNeko-chanQwQ/CVE-2020-0674-PoC★1 GitHub PoCKen-Abruzzi/CVE-2020-0674★0 GitHub PoCMicky-Thongam/Internet-Explorer-UAF★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (32)

microsoft · internet_explorervulnerable

microsoft · windows_server_2008

microsoft · internet_explorervulnerable

microsoft · windows_server_2012

microsoft · internet_explorervulnerable

microsoft · windows_10_1507

microsoft · windows_10_1607