VYPR
← All advisories
High severityNVD Advisory· Published Mar 12, 2020· Updated Aug 4, 2024

CVE-2020-0830

CVE-2020-0830

Description

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A memory corruption vulnerability in the scripting engine of Microsoft browsers allows remote code execution via crafted web content.

CVE-2020-0830 is a memory corruption vulnerability in the scripting engine of Microsoft browsers, such as Internet Explorer and Edge. The issue arises when the scripting engine improperly handles objects in memory, leading to corrupt memory that can be exploited by an attacker. This vulnerability is part of a group of similar scripting engine flaws patched in March 2020 [1].

To exploit this vulnerability, an attacker must host a specially crafted website or embed malicious content in a web page, then convince a user to visit the page, typically via email or instant message links. No special privileges are required on the target system; any user who views the attacker-controlled content with a vulnerable browser is at risk [1].

Successful exploitation grants the attacker remote code execution in the context of the current user. If the user has administrative rights, the attacker could gain full control of the system, including installing programs, viewing or modifying data, and creating new accounts [1].

Microsoft released security updates in March 2020 to address this vulnerability and the related scripting engine bugs. Users should install the latest updates for their browsers and operating systems to mitigate the risk. There is no workaround available besides applying the patch [1].

References
  1. NVD - CVE-2020-0830

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.ChakraCoreNuGet
< 1.11.171.11.17

Affected products

31
  • ghsa-coords
    pkg:nuget/microsoft.chakracore
    Range: < 1.11.17
  • Microsoft/ChakraCorev5
    Range: unspecified
  • Microsoft/Internet Explorer 11v5
    Range: Windows 10 Version 1803 for 32-bit Systems
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Internet Explorer 11 on Windows Server 2012v5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft Edge (EdgeHTML-based) on Windows Server 2019v5
    Range: unspecified

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.