CVE-2020-0606

Description

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

Related CPE's

amicrosoft.net_framework3.0sp2******

omicrosoftwindows_server_2008-sp2******

amicrosoft.net_framework3.5*******

omicrosoftwindows_101607*****x86*

omicrosoftwindows_server_2012r2*******

omicrosoftwindows_8.1********

omicrosoftwindows_server_2012-*******

amicrosoft.net_framework4.6.2*******

amicrosoft.net_framework3.5*******

amicrosoft.net_framework4.7*******

References

N/A

PatchVendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AttackVector

NETWORK

AttackComplexity

LOW

PrivilegesRequired

NONE

UserInteraction

REQUIRED

Scope

UNCHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

8.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io