CVE-2020-0828: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, known as 'Scripting Engine Memory Corruption Vulnerability'. This vulnerability was disclosed in March 2020 and affects Microsoft's ChakraCore scripting engine. The vulnerability is tracked as CVE-2020-0828 and is distinct from several other scripting engine vulnerabilities (CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848) (NVD, MITRE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified as an Out-of-bounds Write (CWE-787) issue. The affected versions include ChakraCore versions up to (excluding) 1.11.17 (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Users with administrative privileges could be more severely impacted than those with limited rights (NVD).

Microsoft has released security updates to address this vulnerability. Users should apply the appropriate security updates through Microsoft's standard update channels (MSRC).