First published: Tue Jan 14 2020(Updated: )
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft .NET Framework | =3.0-sp2 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft .NET Framework | =3.5 | |
Microsoft Windows 8.1 | ||
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft .NET Framework | =4.6.2 | |
Microsoft .NET Framework | =4.7 | |
Microsoft .NET Framework | =4.7.1 | |
Microsoft .NET Framework | =4.7.2 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | =1803 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows Server 2016 | =1803 | |
Microsoft Windows Server 2019 | ||
Microsoft .NET Framework | =4.8 | |
Microsoft Windows 10 | =1903 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows Server 2016 | =1903 | |
Microsoft .NET Framework | =3.5.1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft .NET Framework | =4.5.2 | |
Microsoft Windows RT 8.1 | ||
Microsoft .NET Framework | =4.6 | |
Microsoft Windows 10 | =1607 | |
Microsoft .NET Framework | =4.6.1 | |
Microsoft .NET Core | =1.0 | |
Microsoft .NET Core | =3.0 | |
Microsoft .NET Core | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-0605 is a remote code execution vulnerability in .NET software.
CVE-2020-0605 has a severity rating of 8.8.
Microsoft .NET Framework 3.0 SP2 is affected by CVE-2020-0605.
To fix CVE-2020-0605, users should apply the security update provided by Microsoft.
More information about CVE-2020-0605 can be found in the Microsoft Security Guidance Advisory.