Cyber security Focus – IE Scripting Engine Memory Corruption Vulnerability (11th Aug 2020)

Preface: In Windows 10, there are two ways to uninstall Internet Explorer.

Option 1:Turn Windows features on or off option
Option 2: Disable IE11 using PowerShell commands

Open PowerShell and Run as administrator. Execute the following command:
Disable-WindowsOptionalFeature -FeatureName Internet-Explorer-Optional-amd64 –Online

Security Focus: CVE-2020-1380 – Scripting Engine Memory Corruption Vulnerability

Even you turn off the Internet Explorer, there still have way let the ongoing works involves related system component of Internet Explorer. The fact is that mshtml.dll is the major component of Internet Explorer. This component manage the HTML, CSS parsing and rendering functionality. For example, when a user browses from an HTML page to a Word document, mshtml. dll is swapped out for the DLL provided by Word, which then renders that document type. In the sense that if vulnerability occurs in Internet Explorer. Perhaps you do not use, but still require to do the patching. Should you have interest to know the details, please refer to attached diagram.

Vulnerability Details: CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11. According to the official information issued by Microsoft on 12th Feb 2020. The technical details of CVE-2020-0674 explicitly same as design weakness for this vulnerability. Since the official details did not describe the actual technical problem of this matter. I believe that it will let the attacker exploit use-after-free vulnerability.

Official announcement : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380

One thought on “Cyber security Focus – IE Scripting Engine Memory Corruption Vulnerability (11th Aug 2020)”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.