E20-0rt11
CVSS:
7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
False Positive:
f
Variants:
2
Year:
2019
Description
This strike exploits a vulnerability in the Microsoft Internet Explorer scripting engine.
Specifically, an attacker can craft an HTML page containing a Javascript script in such a way that a call to 'jscript!JSONStringifyObject()' frees an object that is later going to be referred by 'jscript!PrepareInvoke()', resulting in a use-after-free condition.
A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted web page.
Successful exploitation could lead to arbitrary code execution in the security context of the target user.