CVE-2020-1380

7.8 HIGH

📋 TL;DR

CVE-2020-1380 is a remote code execution vulnerability in Internet Explorer's scripting engine that allows attackers to execute arbitrary code by exploiting memory corruption. It affects users running vulnerable versions of Internet Explorer, particularly those who browse untrusted websites or open malicious Office documents. Successful exploitation gives attackers the same privileges as the current user, which could lead to full system compromise if the user has administrative rights.

💻 Affected Systems

Products:
  • Internet Explorer
  • Microsoft Office (when using IE rendering engine)
Versions: Internet Explorer 9, 10, 11 on supported Windows versions
Operating Systems: Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with Internet Explorer enabled, even if not the default browser. Office documents using IE rendering engine are also vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with administrative privileges, allowing installation of malware, data theft, and creation of new accounts.

🟠 Likely Case: Malware installation or data theft through drive-by downloads when users visit compromised websites.

🟢 If Mitigated: Limited impact if users have restricted privileges and security controls block malicious content.

🌐 Internet-Facing: HIGH - Exploitable through web browsing and malicious websites.
🏢 Internal Only: MEDIUM - Exploitable through internal web applications or malicious documents.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and has been used in real-world attacks. Exploitation requires user interaction (visiting a malicious website or opening a malicious document).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: August 2020 security updates (KB4565351 for Windows 10, KB4565483 for Windows 8.1, etc.)

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380

Restart Required: Yes

Instructions:

1. Apply August 2020 Microsoft security updates via Windows Update.
2. For enterprise environments, deploy updates through WSUS or SCCM.
3. Verify updates are installed and restart systems as required.

🔧 Temporary Workarounds

Disable Internet Explorer (Windows)

Disable the Internet Explorer browser to prevent exploitation through web browsing.

Disable-WindowsOptionalFeature -Online -FeatureName Internet-Explorer-Optional-amd64

Restrict ActiveX controls (Windows)

Configure Internet Explorer to disable or prompt for ActiveX controls.

Set via Group Policy: Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Security Features > Add-on Management > Turn off ActiveX controls

🧯 If You Can't Patch

  • Use alternative browsers like Microsoft Edge or Chrome instead of Internet Explorer.
  • Implement application whitelisting to prevent execution of unauthorized code.

🔍 How to Verify

Check if Vulnerable:

Check if August 2020 security updates are installed via 'wmic qfe list' or 'Get-Hotfix -Id KB4565351' (adjust KB number for your OS).

Check Version:

wmic qfe list | findstr KB4565351 (or appropriate KB number for your OS)

Verify Fix Applied:

Verify that the specific KB patch for your Windows version is installed and that the Internet Explorer version is updated.

📡 Detection & Monitoring

Log Indicators:

  • Internet Explorer crash logs (jscript9.dll)
  • Windows Event Logs with Application Error events for iexplore.exe
  • Unexpected process creation from Internet Explorer

Network Indicators:

  • HTTP requests to known malicious domains hosting exploit code
  • Downloads of suspicious scripts or ActiveX controls

SIEM Query:

EventID=1000 AND SourceName='Application Error' AND ProcessName='iexplore.exe' AND FaultModuleName='jscript9.dll'
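
The SIEM query above as a local hunt in PowerShell, added here as an example (not code from the advisory or from Microsoft): it matches Application Error events (ID 1000) where iexplore.exe faulted in jscript9.dll and reports whether the KB named on this page is listed. The function names, the 30-day window and the sample field values are assumptions made for illustration.

```powershell
# Added example (not from the advisory). Sample field values below are constructed.

function Test-IeScriptCrash {
    # True when an Event 1000 field list names both the process and the faulting
    # module from the SIEM query above. -contains is case-insensitive.
    param([string[]]$EventData)
    ($EventData -contains 'iexplore.exe') -and ($EventData -contains 'jscript9.dll')
}

function Get-IeScriptCrash {
    param(
        [int]$Days = 30,
        [string]$KbId = 'KB4565351'   # the page's Windows 10 KB; adjust for your OS
    )
    # A later cumulative update can replace this KB, so $false here means
    # "check the installed update level", not "confirmed unpatched".
    $kbListed = [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)

    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Application Error'
        Id           = 1000
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            # Compare on field values so the match does not depend on field order.
            $fields = @($_.Properties | ForEach-Object { [string]$_.Value })
            Test-IeScriptCrash -EventData $fields
        } |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Computer    = $_.MachineName
                KbListed    = $kbListed
                Fields      = ($_.Properties | ForEach-Object { [string]$_.Value }) -join ' | '
            }
        }
}

# Constructed field lists shaped like Event 1000 data, to exercise the matcher offline.
$jscriptFault = 'iexplore.exe', '11.0.0.0', 'jscript9.dll', 'c0000005'
$otherFault   = 'IEXPLORE.EXE', '11.0.0.0', 'mshtml.dll',   'c0000005'
Test-IeScriptCrash -EventData $jscriptFault
Test-IeScriptCrash -EventData $otherFault

# On a Windows host, query the live Application log:
Get-IeScriptCrash -Days 30
```

A jscript9.dll fault in iexplore.exe is a triage signal rather than proof of exploitation, so correlate hits with the process-creation and network indicators listed above.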
