CVE-2020-0848: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, identified as CVE-2020-0848. This vulnerability, also known as 'Scripting Engine Memory Corruption Vulnerability', was disclosed in March 2020. The vulnerability affects Microsoft Edge and Windows systems, including various versions of Windows 10 and ChakraCore versions up to (excluding) 1.11.17 (NVD, MITRE).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. This indicates that the vulnerability is network exploitable but requires high attack complexity and user interaction. The vulnerability is classified as an Out-of-bounds Write (CWE-787) issue, which could lead to memory corruption (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. Users with administrative privileges would be more severely impacted compared to users with restricted access. The vulnerability could potentially lead to full system compromise if the user has administrative rights (NVD).

Microsoft has released security updates to address this vulnerability. Users should update to ChakraCore version 1.11.17 or later. The security update addresses the vulnerability by correcting how the ChakraCore scripting engine handles objects in memory (MSRC).