CVE-2020-0813: 
C# vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2020-0813) exists in Microsoft's Chakra scripting engine that could allow an attacker to access contents of system memory. The vulnerability was disclosed and patched as part of Microsoft's March 2020 Patch Tuesday updates. This vulnerability affects Microsoft Edge and Windows systems, including Windows 10 versions 1709 through 1909 and their corresponding server versions (NVD).

The vulnerability occurs when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To successfully exploit this vulnerability, an attacker must know the memory address of where the object was created. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

If successfully exploited, this vulnerability could allow an attacker to obtain information that could be used to further compromise the affected system. The impact is limited to information disclosure, with no direct impact on system integrity or availability. The attacker could potentially use the leaked information to facilitate other attacks (NVD).

Microsoft has addressed this vulnerability by changing the way certain functions handle objects in memory. Users should apply the security updates released in March 2020 to affected systems. The update is available through Windows Update or can be downloaded from the Microsoft Update Catalog (NVD).