Internet Explorer
CVE-2020-17052
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Scripting Engine Memory Corruption Vulnerability
AnalysisAI
Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Affected products include: Microsoft Internet Explorer, Microsoft Edge.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
More in Internet Explorer
View allMicrosoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allo
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause
Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a cr
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbit
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protecti
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Serve
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary c
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today