Microsoft Scripting Engine
CVE-2020-17052 — Scripting Engine Memory Corruption Vulnerability
Executive Summary
None
Overview
7.5
CVSS HIGH
Critical
MS Severity
Not Exploited
MS Exploit Status
More Likely
MS Exploit Likelihood
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
ATTACK VECTOR
Network
ATTACK COMPLEXITY
High
PRIVILEGES REQUIRED
None
USER INTERACTION
Required
SCOPE
Unchanged
CONFIDENTIALITY
High
INTEGRITY
High
AVAILABILITY
High
EXPLOIT CODE MATURITY
Proof-of-Concept
REMEDIATION LEVEL
Official Fix
REPORT CONFIDENCE
Confirmed
Temporal Score: 6.7
EPSS Score
0.02455
probability of exploitation in the next 30 days
0.82299 percentile - updated 2026-06-21
View on FIRST.org
Affected Products
26 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Internet Explorer 11 on Windows 10 for 32-bit Systems | 4586787 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 for x64-based Systems | 4586787 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for 32-bit Systems | 4586830 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1607 for x64-based Systems | 4586830 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for 32-bit Systems | 4586785 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for ARM64-based Systems | 4586785 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1803 for x64-based Systems | 4586785 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for 32-bit Systems | 4586793 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for ARM64-based Systems | 4586793 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1809 for x64-based Systems | 4586793 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems | 4586786 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for 32-bit Systems | 4586781 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based Systems | 4586781 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 2004 for x64-based Systems | 4586781 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for 32-bit Systems | 4586781 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 10 Version 20H2 for ARM64-based Systems | 4586781 (Security Update) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows 7 for 32-bit Systems Service Pack 1 4586827 (Monthly Rollup) 4586768 (IE Cumulative) Critical Remote Code Execution 4580345 4580326 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586827 Internet Explorer 11 on Windows 7 for x64-based Systems Service Pack 1 4586827 (Monthly Rollup) 4586768 (IE Cumulative) Critical Remote Code Execution 4580345 4580326 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586827 Internet Explorer 11 on Windows 8.1 for 32-bit systems 4586768 (IE Cumulative) 4586845 (Monthly Rollup) Critical Remote Code Execution 4580326 4580347 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586845 Internet Explorer 11 on Windows 8.1 for x64-based systems 4586768 (IE Cumulative) 4586845 (Monthly Rollup) Critical Remote Code Execution 4580326 4580347 Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586845 Internet Explorer 11 on Windows RT 8.1 | 4586845 (Monthly Rollup) |
Critical | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 4586827 (Monthly Rollup) 4586768 (IE Cumulative) Moderate Remote Code Execution 4580345 4580326 Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586827 Internet Explorer 11 on Windows Server 2012 4586768 (IE Cumulative) 4586834 (Monthly Rollup) Moderate Remote Code Execution 4580326 4580382 Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586834 Internet Explorer 11 on Windows Server 2012 R2 4586768 (IE Cumulative) 4586845 (Monthly Rollup) Moderate Remote Code Execution 4580326 4580347 Base: 6.4 Temporal: 5.8 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Yes 4586845 Internet Explorer 11 on Windows Server 2016 | 4586830 (Security Update) |
Moderate | Remote Code Execution | Yes |
| Internet Explorer 11 on Windows Server 2019 | 4586793 (Security Update) |
Moderate | Remote Code Execution | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systems | 4586787 (Security Update) |
Critical | Remote Code Execution | Yes |
| Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systems | 4586787 (Security Update) |
Critical | Remote Code Execution | Yes |
Patches
7 patches
| Article | Type | Restart |
|---|---|---|
4586787 |
Security Update | Yes |
4586830 |
Security Update | Yes |
4586785 |
Security Update | Yes |
4586793 |
Security Update | Yes |
4586786 |
Security Update | Yes |
4586781 |
Security Update | Yes |
4586845 |
Monthly Rollup | Yes |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
Yongil Lee of Diffense(https://www.diffense.com)
References
On This Page