The Microsoft Internet Explorer browser has a critical vulnerability. The group reports on its website. The error resulted in an attacker being able to run any program with the same rights as the user currently logged on.
If the user has administrator rights, an attacker can even take complete control of the PC and view, change and delete data or create an account with full access rights. In order to exploit the vulnerability, attackers only have to lure their victims to a suitably prepared website.
A so-called remote attack could allow criminals to exploit the security leak to gain complete control over the respective computer system. According to Microsoft, only a few targeted attacks are known so far, but it is still recommended to uninstall Internet Explorer at the moment. Because so far there is no patch that closes the security gap.
A remote code execution vulnerability exists in the way that the scripting engine treats objects in Internet Explorer memory. The vulnerability could damage the memory so that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could be granted the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs, view, change or delete data, or create new accounts with full user rights.
CVE-2020-0674 A Vulnerability
It exists in Microsoft Internet Explorer which is due to an unspecified vulnerability in the Internet Explorer scripting engine. Memory corruption is possible as a result. A remote, anonymous attacker can use this vulnerability to execute arbitrary code. To successfully exploit this vulnerability, the attacker would have to persuade the user to open a modified URL or website in their web browser or to open a modified file that uses the scripting engine.