CVE-2020-0606

HIGH8.8EPSS 32.3%

Remote code execution in Microsoft.WindowsDesktop.App.Ref

發布日:2022/5/24修改日:2023/11/8

描述

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

受影響套件(3)

NuGet/Microsoft.WindowsDesktop.App.Ref>= 3.0.1, < 3.0.2
NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x64>= 3.0.0, < 3.0.2
NuGet/Microsoft.WindowsDesktop.App.Runtime.win-x86>= 3.0.0, < 3.0.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-0606
WEBhttps://github.com/dotnet/announcements/issues/149
WEBhttps://github.com/github/advisory-database/issues/302
WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606