Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day


ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.

The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.

Read more…