First published: Tue Jan 14 2020(Updated: )
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft .NET Framework | =3.0-sp2 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft .NET Framework | =3.5 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 8.1 | ||
Microsoft Windows Server 2012 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft .NET Framework | =4.6.2 | |
Microsoft .NET Framework | =4.7 | |
Microsoft .NET Framework | =4.7.1 | |
Microsoft .NET Framework | =4.7.2 | |
Microsoft Windows 10 | =1607 | |
Microsoft Windows 10 | =1709 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows 10 | ||
Microsoft Windows 10 | =1803 | |
Microsoft Windows 10 | =1809 | |
Microsoft Windows Server 2016 | =1803 | |
Microsoft Windows Server 2019 | ||
Microsoft .NET Framework | =4.8 | |
Microsoft Windows 10 | =1903 | |
Microsoft Windows 10 | =1909 | |
Microsoft Windows Server 2016 | =1903 | |
Microsoft Windows Server 2016 | =1909 | |
Microsoft .NET Framework | =3.5.1 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft .NET Framework | =4.5.2 | |
Microsoft Windows RT 8.1 | ||
Microsoft .NET Framework | =4.6 | |
Microsoft .NET Framework | =4.6.1 | |
Microsoft .NET Core | =3.0 | |
Microsoft .NET Core | =3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-0606 is a remote code execution vulnerability in .NET software.
CVE-2020-0606 can allow an attacker to run arbitrary code in the context of the current user.
CVE-2020-0606 has a severity rating of 8.8, which is considered critical.
CVE-2020-0606 affects Microsoft .NET Framework versions 3.0 SP2, 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and .NET Core versions 3.0, 3.1.
To fix CVE-2020-0606, it is recommended to apply the necessary security updates provided by Microsoft.