CVE-2020-1214: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2020-1214) exists in the way that the VBScript engine handles objects in memory, known as 'VBScript Remote Code Execution Vulnerability'. This vulnerability was discovered in 2019 and affects various Microsoft systems including Internet Explorer 11 and multiple versions of Windows 10 (CVE Details).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Under CVSS v2.0, it received a Base Score of 7.6 (HIGH) with the vector (AV:N/AC:H/Au:N/C:C/I:C/A:C). The vulnerability specifically relates to memory handling within the VBScript engine (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights (CVE Details).

Microsoft has released security updates to address this vulnerability. Users are advised to apply the appropriate security updates provided through the Microsoft Security Response Center (MSRC Advisory).