CVE-2020-0606

CWE-20Improper Input Validation8 documents7 sources
Severity
8.8HIGH
EPSS
32.3%
top 3.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
49
Microsoft .net CoreMicrosoft Microsoft .net Framework 3.0Microsoft Microsoft .net Framework 3.5+46 more
Timeline
PublishedJan 14
Latest updateMay 24

Description

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages53 packages

NVDmicrosoft/.net_framework11 versions+10
CVEListV5microsoft/microsoft_.net_framework_3.0Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2+2
CVEListV5microsoft/microsoft_.net_framework_4.6Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems Service Pack 2+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

3
GHSA
Remote code execution in Microsoft.WindowsDesktop.App.Ref2022-05-24
OSV
Remote code execution in Microsoft.WindowsDesktop.App.Ref2022-05-24
CVEList
CVE-2020-0606: A remote code execution vulnerability exists in2020-01-14

📋Vendor Advisories

3
Microsoft
.NET Framework Remote Code Execution Vulnerability2020-01-14
Red Hat
dotnet: Malfunctioning StickyNotes annotation XML files malicious execution prevetion2020-01-14
Red Hat
dotnet: Bypass of WPF XAML payload prevention2020-01-14

💬Community

1
Bugzilla
CVE-2020-0606 dotnet: Malfunctioning StickyNotes annotation XML files malicious execution prevetion2020-01-09