CVE-2020-1147
published 2020-07-14CVE-2020-1147: A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-05-03
Exploited in the wild
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Affected
138 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft.netcore.app.runtime.linux-arm | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.linux-arm64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-arm64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.linux-musl-x64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.linux-x64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.osx-x64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.win-arm | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.win-arm64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.win-x64 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft.netcore.app.runtime.win-x86 | >= 3.1.0 < 3.1.6 | 3.1.6 |
| microsoft | microsoft_net_framework_2.0 | — | — |
| microsoft | microsoft_net_framework_2.0 | — | — |
| microsoft | microsoft_net_framework_3.0 | — | — |
| microsoft | microsoft_net_framework_3.0 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5 | — | — |
| microsoft | microsoft_net_framework_3.5.1 | — | — |
| microsoft | microsoft_net_framework_3.5.1 | — | — |
| microsoft | microsoft_net_framework_3.5.1 | — | — |
| microsoft | microsoft_net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2_on_windows_10_version_1607 | — | — |
| microsoft | microsoft_net_framework_3.5_and_4.6.2_4.7_4.7.1_4.7.2_on_windows_server_2016 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH