Advertisement
The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language.
According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user. The attacker must convince the target to visit a specially crafted website in order to exploit the vulnerability. The flaw can be leveraged to take control of an affected system if the targeted user has administrator privileges.