CVE-2020-0674

HIGH KEV

Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2020-0674 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 6 public exploits from researchers including Forrest Orr, maxpl0it, Neko-chanQwQ.

AI-analyzed exploit summary This is a 64-bit exploit for CVE-2020-0674 targeting Microsoft Internet Explorer 8/11 and the WPAD service on Windows 7 and 8.1 x64. It leverages a use-after-free vulnerability to achieve remote code execution, bypassing DEP, ASLR, and CFG.

Description

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.

Exploits (6)

exploitdb WORKING POC
by Forrest Orr · javascriptlocalwindows_x86-64
https://www.exploit-db.com/exploits/49863

This is a 64-bit exploit for CVE-2020-0674 targeting Microsoft Internet Explorer 8/11 and the WPAD service on Windows 7 and 8.1 x64. It leverages a use-after-free vulnerability to achieve remote code execution, bypassing DEP, ASLR, and CFG.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8-11 (64-bit) and WPAD service on Windows 7 and 8.1 x64
No auth needed
Prerequisites: Target must be running a vulnerable version of Internet Explorer or WPAD service on Windows 7 or 8.1 x64
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by maxpl0it · textlocalwindows
https://www.exploit-db.com/exploits/49062

This is a functional exploit for CVE-2020-0674, a use-after-free vulnerability in Microsoft Internet Explorer 11. The exploit leverages a garbage collection issue in Array.sort() to achieve remote code execution by manipulating memory structures and executing calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft Internet Explorer 8, 9, 10, 11
No auth needed
Prerequisites: Target must be using a vulnerable version of Internet Explorer · JavaScript must be enabled · Target must visit a malicious webpage
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 226 stars
by maxpl0it · client-side
https://github.com/maxpl0it/CVE-2020-0674-Exploit

This repository contains a proof-of-concept exploit for CVE-2020-0674, a use-after-free vulnerability in the legacy jscript engine of Internet Explorer. The exploit targets Windows 7 with specific IE configurations and is designed to pop calc.exe.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Internet Explorer 8-11 (x64 builds)
No auth needed
Prerequisites: Windows 7 with specific IE configurations · x64 builds of IE 8-11 · Enhanced Protected Mode or TabProcGrowth enabled for IE 10/11
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by Neko-chanQwQ · poc
https://github.com/Neko-chanQwQ/CVE-2020-0674-PoC

This PoC automates the testing of CVE-2020-0674, a remote code execution vulnerability in Internet Explorer, by using Selenium to open a malicious HTML file or URL in IE11. It requires user input for the HTML path or URL and the IE driver path.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Internet Explorer 11
No auth needed
Prerequisites: Selenium library · IE driver · Malicious HTML file or URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Ken-Abruzzi · client-side
https://github.com/Ken-Abruzzi/CVE-2020-0674

This repository contains a proof-of-concept exploit for CVE-2020-0674, a use-after-free vulnerability in the legacy jscript engine of Internet Explorer. The exploit targets Windows 7 with specific IE configurations and is designed to pop calc.exe.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Internet Explorer 8-11 (x64 builds)
No auth needed
Prerequisites: Windows 7 with specific IE configurations · x64 build of Internet Explorer
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/maxpl0it/CVE-2020-0674-Exploit

Scores

CVSS v3 7.5
EPSS 0.9364
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2020-02-11
InTheWild.io 2020-02-11
ENISA EUVD EUVD-2020-2167
CWE
CWE-416
Status published
Products (3)
microsoft/internet_explorer 9
microsoft/internet_explorer 10
microsoft/internet_explorer 11
Published Feb 11, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026