CVE-2020-0673: 
vulnerability analysis and mitigation

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, identified as CVE-2020-0673. This vulnerability is also known as 'Scripting Engine Memory Corruption Vulnerability' and was disclosed in February 2020. The vulnerability affects multiple versions of Internet Explorer (9, 10, and 11) across various Windows operating systems (NVD, CVE).

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 7.5 (HIGH) and vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The CVSS v2.0 base score is 7.6 (HIGH) with vector (AV:N/AC:H/Au:N/C:C/I:C/A:C). The vulnerability requires user interaction and has high complexity for exploitation (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights (NVD).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate patches through Microsoft's security advisory (MSRC).