Lucene search
HistoryJan 14, 2020 - 11:15 p.m.
CVE-2020-0606
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.044
Percentile
92.5%
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka â.NET Framework Remote Code Execution Vulnerabilityâ. This CVE ID is unique from CVE-2020-0605.
Affected configurations
Node
microsoft.net_frameworkMatch3.0sp2
microsoftwindows_server_2008Match-sp2
Node
microsoft.net_frameworkMatch3.5
microsoftwindows_10Match1607x86
ORmicrosoftwindows_8.1
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_server_2012Matchr2
Node
microsoft.net_frameworkMatch3.5
ORmicrosoft.net_frameworkMatch4.6.2
ORmicrosoft.net_frameworkMatch4.7
ORmicrosoft.net_frameworkMatch4.7.1
ORmicrosoft.net_frameworkMatch4.7.2
microsoftwindows_10Match1607
ORmicrosoftwindows_10Match1709
ORmicrosoftwindows_server_2016Match-
Node
microsoft.net_frameworkMatch3.5
ORmicrosoft.net_frameworkMatch4.7.2
microsoftwindows_10Match-
ORmicrosoftwindows_10Match1803
ORmicrosoftwindows_10Match1809
ORmicrosoftwindows_server_2016Match1803
ORmicrosoftwindows_server_2019
Node
microsoft.net_frameworkMatch3.5
ORmicrosoft.net_frameworkMatch4.8
microsoftwindows_10Match1809
ORmicrosoftwindows_10Match1903
ORmicrosoftwindows_10Match1909
ORmicrosoftwindows_server_2016Match1903
ORmicrosoftwindows_server_2016Match1909
ORmicrosoftwindows_server_2019
Node
microsoft.net_frameworkMatch3.5.1
microsoftwindows_7Match-sp1
ORmicrosoftwindows_server_2008Matchr2sp1itanium
ORmicrosoftwindows_server_2008Matchr2sp1x64
Node
microsoft.net_frameworkMatch4.5.2
microsoftwindows_7Match-sp1
ORmicrosoftwindows_8.1
ORmicrosoftwindows_rt_8.1
ORmicrosoftwindows_server_2008Match-sp2
ORmicrosoftwindows_server_2008Matchr2sp1x64
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_server_2012Matchr2
Node
microsoft.net_frameworkMatch4.6
microsoftwindows_server_2008Match-sp2
Node
microsoft.net_frameworkMatch4.6
ORmicrosoft.net_frameworkMatch4.6.1
ORmicrosoft.net_frameworkMatch4.6.2
ORmicrosoft.net_frameworkMatch4.7
ORmicrosoft.net_frameworkMatch4.7.1
ORmicrosoft.net_frameworkMatch4.7.2
microsoftwindows_7Match-sp1
ORmicrosoftwindows_8.1
ORmicrosoftwindows_rt_8.1
ORmicrosoftwindows_server_2008Matchr2sp1x64
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_server_2012Matchr2
Node
microsoft.net_frameworkMatch4.8
microsoftwindows_10Match1607
ORmicrosoftwindows_10Match1709
ORmicrosoftwindows_10Match1803
ORmicrosoftwindows_7Match-sp1
ORmicrosoftwindows_8.1
ORmicrosoftwindows_rt_8.1
ORmicrosoftwindows_server_2008Matchr2sp1x64
ORmicrosoftwindows_server_2012Match-
ORmicrosoftwindows_server_2012Matchr2
ORmicrosoftwindows_server_2016Match-
Node
microsoft.net_coreMatch3.0
ORmicrosoft.net_coreMatch3.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | .net_framework | 3.0 | cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* |
| microsoft | windows_server_2008 | - | cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* |
| microsoft | .net_framework | 3.5 | cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* |
| microsoft | windows_10 | 1607 | cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:* |
| microsoft | windows_8.1 | * | cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* |
| microsoft | windows_server_2012 | - | cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* |
| microsoft | windows_server_2012 | r2 | cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.6.2 | cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.7 | cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.7.1 | cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* |
Related
nessus
nessus
Security Update for .NET Core (January 2020)
2020-01-16 00:00:00
Security Updates for Microsoft .NET Framework (January 2020)
2020-01-16 00:00:00
Security Update for .NET Core SDK (January 2020)
2020-01-16 00:00:00
osv
osv
CVE-2020-0605
2020-01-14 23:15:30
CVE-2020-0606
2020-01-14 23:15:30
Remote code execution in Microsoft.WindowsDesktop.App.Ref
2022-05-24 17:06:16
prion
prion
Remote code execution
2020-01-14 23:15:00
Remote code execution
2020-01-14 23:15:00
veracode
veracode
Remote Code Execution
2020-01-20 06:05:18
Remote Code Execution (RCE)
2020-01-20 07:19:54
cvelist
cvelist
CVE-2020-0605
2020-01-14 23:11:21
CVE-2020-0606
2020-01-14 23:11:22
github
github
Remote code execution in Microsoft.WindowsDesktop.App.Ref
2022-05-24 17:06:16
PowerShell is subject to remote code execution vulnerability
2024-02-02 21:04:47
nvd
nvd
CVE-2020-0605
2020-01-14 23:15:30
cve
cve
CVE-2020-0606
2020-01-14 23:15:30
CVE-2020-0605
2020-01-14 23:15:30
attackerkb
attackerkb
CVE-2020-0605
2020-01-14 00:00:00
mskb
mskb
openvas
openvas
Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535101)
2020-01-15 00:00:00
Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535102)
2020-01-15 00:00:00
Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532935)
2020-01-15 00:00:00
redhatcve
redhatcve
CVE-2020-0606
2020-01-14 20:09:01
CVE-2020-0605
2020-01-14 20:09:01
kaspersky
kaspersky
KLA11634 Multiple vulnerabilities in Microsoft Developer Tools
2020-01-14 00:00:00
symantec
symantec
Microsoft .NET Framework CVE-2020-0606 Remote Code Execution Vulnerability
2020-01-14 00:00:00
Microsoft .NET Core CVE-2020-0605 Remote Code Execution Vulnerability
2020-01-14 00:00:00
mscve
mscve
.NET Framework Remote Code Execution Vulnerability
2020-01-14 08:00:00
.NET Framework Remote Code Execution Vulnerability
2020-01-14 08:00:00
checkpoint_advisories
checkpoint_advisories
talosblog
talosblog
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
9.2
Confidence
High
EPSS
0.044
Percentile
92.5%
Related for NVD:CVE-2020-0606