CISA Known Exploited Vulnerability

CVE-2020-0674

Microsoft · Internet Explorer

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Date added 2021-11-03

BOD 22-01 due date 2022-05-03

CWE CWE-416

Ransomware Unknown

CISA description

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

Required action

Apply updates per vendor instructions.

Notes & references

https://nvd.nist.gov/vuln/detail/CVE-2020-0674

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2020-0674
CVE.org · CVE-2020-0674
CISA KEV catalog (canonical)