VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-udkj-r6hr-kfbm

Vulnerability ID	VCID-udkj-r6hr-kfbm
Aliases	CVE-2020-0878
Summary	A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
Status	Published
Exploitability	2.0
Weighted Severity	0.0
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.05268	https://api.first.org/data/v1/epss?cve=CVE-2020-0878
epss	0.05268	https://api.first.org/data/v1/epss?cve=CVE-2020-0878
cvssv3.1	4.2	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878
ssvc	Attend	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-0878
cpe:2.3:a:microsoft:chakracore::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:chakracore::::::::
cpe:2.3:a:microsoft:edge:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:edge:-:::::::*
cpe:2.3:a:microsoft:internet_explorer:11:-::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:11:-::::::
cpe:2.3:a:microsoft:internet_explorer:9:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:internet_explorer:9:::::::*
CVE-2020-0878		https://nvd.nist.gov/vuln/detail/CVE-2020-0878
CVE-2020-0878		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878

Data source	KEV
Date added	Nov. 3, 2021
Description	Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
Required action	Apply updates per vendor instructions.
Due date	May 3, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2020-0878
Ransomware campaign use	Known

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T18:21:10Z/ Found at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878

Exploit Prediction Scoring System (EPSS)

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:20:24.471744+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2020-0878.yml	38.6.0