CVE-2020-0827: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, known as 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability is tracked as CVE-2020-0827 and is distinct from several other vulnerabilities including CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, and CVE-2020-0848 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a base score of 7.6 (HIGH) with vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C). The vulnerability is classified as CWE-787 (Out-of-bounds Write) (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Users with administrative privileges could be more severely impacted than those with restricted access (NVD).

Microsoft has released security updates to address this vulnerability. The patch corrects how the ChakraCore scripting engine handles objects in memory (MSRC Advisory).