CVE-2020-0968

CVE Database · CVE-2020-0968

CVE-2020-0968

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

30.02%

Published

Apr 15, 2020

Modified

Oct 29, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-787CWE-787

Affected Products (31)

microsoft · internet_explorervulnerable

microsoft · windows_10_1507

microsoft · windows_10_1607

microsoft · windows_10_1709

microsoft · windows_10_1803

microsoft · windows_10_1809

References (3)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968

PatchVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0968

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs