Internet Explorer RCE Vulnerability

Microsoft has released a security advisory to address a critical remote code execution (RCE) vulnerability in Internet Explorer. A remote, unauthenticated user could exploit this vulnerability to take control of an affected system.

Threat ID:: CC-3350
Category:
Threat Severity:: Low
Threat Vector:
Published:: 23 January 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Affected platforms

The following platforms are known to be affected:

Internet Explorer

Microsoft Internet Explorer - Versions 9 to 11

Threat details

the vulnerability is a the result of unspecified memory corruption in the Internet Explorer scripting engine. By sending a specially crafted document (Office, HTML, PDF, etc) that supports embedded IE scripting content, an attacker may be able to execute arbitrary code.

For further information:

Remediation steps

Type	Step
	At the time of publication, Microsoft have not made an update available to fully address this vulnerability. However, they have provided workarounds that may be applied to partially mitigate the threat posed by this vulnerability; and have also recommended using an alternative web browser until updates are made available. Affected organisation are encouraged to review Microsoft’s advisory ADV20001 to obtain the workaround steps.

Type

Step

At the time of publication, Microsoft have not made an update available to fully address this vulnerability. However, they have provided workarounds that may be applied to partially mitigate the threat posed by this vulnerability; and have also recommended using an alternative web browser until updates are made available. Affected organisation are encouraged to review Microsoft’s advisory ADV20001 to obtain the workaround steps.

CVE Vulnerabilities

Status

CVE-2020-0674

Last edited: 29 June 2021 12:00 pm