Severity Rating: High

Software Affected
·         Internet Explorer 11 for
·         Windows 10 Version 2004 for x64-based Systems and  ARM64-based Systems
·         Windows 10 Version 1803 for 32-bit Systems, x64-based Systems and ARM64-based Systems
·         Windows 10 Version 1809 for 32-bit Systems,  x64-based Systems and ARM64-based Systems
·         Windows 10 Version 1909 for 32-bit Systems,  x64-based Systems and ARM64-based Systems
·         Windows 10 Version 1709 for 32-bit Systems, x64-based Systems and ARM64-based Systems
·         Windows 10 Version 1903 for 32-bit Systems, x64-based Systems and ARM64-based Systems
·         Windows 10 Version 1607 for 32-bit Systems and for x64-based Systems
·         Windows 10 for 32-bit Systems and x64-based Systems
·         Windows 10 Version 2004 for 32-bit Systems
·         Windows 7 for 32-bit Systems Service Pack 1 and x64-based Systems Service Pack 1
·         Windows 8.1 for 32-bit systems and x64-based systems
·         Windows Server 2008 R2 for x64-based Systems Service Pack 1
·         Windows RT 8.1
·         Windows Server 2012 R2
·         Windows Server 2012
·         Windows Server 2016
·         Windows Server 2019
·         Internet Explorer 9 for
·         Windows Server 2008 for 32-bit Systems Service Pack 2
·         Windows Server 2008 for x64-based Systems Service Pack 2

Overview
Multiple remote code execution vulnerabilities has been reported in Microsoft VBScript which could allow a remote attacker to execute arbitrary
code on the targeted system.

Description
These vulnerabilities exists in Microsoft VBScript due to improper handling
of objects in memory by VBScript engine. A remote attacker could exploit
this vulnerability by hosting a specially crafted website that is designed
to exploit the vulnerability through Internet Explorer and then convince a
user to view the website.

Successful exploitation of this Vulnerability could allow the attackers to
execute arbitrary code in the context of the current user and could take
control of an affected system.   

Solution
Apply appropriate patches as mentioned in Microsoft Security Guidance

Vendor Information
Microsoft

Reference
Microsoft

CVE Name
CVE-2020-1213
CVE-2020-1216
CVE-2020-1260

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

View all posts [..]

Related Posts

© Copyright 2020. Designed By Templateify

© Copyright 2020. Ud64

Scroll to Top