HighCISA KEVExploited in the wildPublic exploit

Internet Explorer Scripting Engine Memory Corruption RCE

IdentifiersCVE-2020-0968CWE-787· Out-of-bounds Write

CVE-2020-0968 is a remote code execution vulnerability in the Internet Explorer scripting engine caused by improper handling of objects in memory. Microsoft describes it as a scripting engine memory corruption vulnerability. The issue can be triggered when Internet Explorer processes malicious content that causes memory corruption in the scripting engine, leading to attacker-controlled code execution in the context of the current user. Supporting content also places this flaw in the broader class of Internet Explorer/JScript memory corruption issues that were exploited in the wild in 2020, including delivery via malicious RTF content that retrieved an HTML page exploiting the vulnerability.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can allow remote code execution on the target system in the security context of the current user. This can enable full compromise of the affected browser process and, depending on user privileges, installation of malware, data theft, persistence, and further post-compromise activity. The content also notes that the vulnerability was exploited in the wild, including use by espionage operators to deliver follow-on malware.

Mitigation

If you can’t patch tonight, do this now.

Until patching is complete, reduce exposure by disabling or restricting Internet Explorer use, especially legacy or unnecessary browser invocation paths. Limit opening of untrusted RTF, HTML, and web content delivered via email or downloaded from the internet. Use least-privilege user accounts to reduce post-exploitation impact. Standard exploit mitigations such as DEP/NX and ASLR may reduce exploit reliability but are not substitutes for patching.

Remediation

Patch, then assume compromise.

Apply Microsoft's April 2020 security update that patches CVE-2020-0968. Ensure Internet Explorer and the underlying scripting engine components are fully updated across all supported systems. Because the vulnerability was exploited in the wild, patching should be prioritized on systems where Internet Explorer or IE-based rendering paths remain present or reachable.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Microsoft CorporationInternet Explorerapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

confiant blogNews

Apr 14, 2026

Internet Explorer CVE-2019-1367 In the wild Exploitation - prelude

A related scripting engine vulnerability patched by Microsoft and reportedly exploited in the wild, though the article says its relation to the same bug class is unknown.

eset welivesecurity blogNews

Oct 2, 2020

XDSpy: Stealing government secrets since 2011

An Internet Explorer legacy JavaScript engine vulnerability used by XDSpy for client-side exploitation via a malicious RTF/HTML chain; significant because XDSpy used it as a 1-day exploit after a vendor patch and before public proof-of-concept details were widely available.

cwe mitreNews

Mar 18, 2026

CWE - CWE-787: Out-of-bounds Write (4.19.1)

A memory corruption vulnerability in a web browser scripting engine; noted as exploited in the wild (CISA KEV).

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence2

Every observed campaign linking this CVE to a named adversary.

Associated malware1

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2020-0968

NVD

nvd.nist.gov/vuln/detail/CVE-2020-0968

MITRE CWE · CWE-787

Out-of-bounds Write

Patch

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968

US Government Resource

cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0968