CVE-2020-0768: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-0768) exists in the way the scripting engine handles objects in memory in Microsoft browsers. This vulnerability, also known as 'Scripting Engine Memory Corruption Vulnerability', was disclosed and addressed in Microsoft's March 2020 security updates (NIST NVD). The vulnerability affects multiple Microsoft products including Edge, Internet Explorer 11, and ChakraCore versions up to 1.11.17.

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as an Out-of-bounds Write (CWE-787) issue. This vulnerability is unique and distinct from several other scripting engine vulnerabilities (CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848) (MITRE CVE).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Users with administrative privileges could be more severely impacted than those with restricted access (NIST NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate security updates for their affected systems and products, including Windows 10, Windows Server versions, Internet Explorer 11, Microsoft Edge, and ChakraCore (MSRC Advisory).