CVE-2020-1046

EUVD-2020-11939
A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.
To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.
The security update addresses the vulnerability by correcting how .NET Framework processes input.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
2.0:sp2
microsoft.net_framework
3.5
microsoft.net_framework
3.5
microsoft.net_framework
4.7.2
microsoft.net_framework
3.5.1
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4571692
1607 (x64, x86)
KB4571694
1709 (arm64, x64, x86)
KB4571741
1803 (arm64, x64, x86)
KB4571709
1809 (arm64, x64, x64, x86, x86)
KB4570505
1903 (arm64, x64, x86)
KB4569751
1909 (arm64, x64, x86)
KB4569751
2004 (arm64, x64, x86)
KB4569745
Windows 7
Service Pack 1 (x64, x86)
KB4570506
Windows 8.1
(x64, x86)
KB4570508
Windows Server
1903 Server Core
KB4569751
1909 Server Core
KB4569751
2004 Server Core
KB4569745
Windows Server 2008
Service Pack 2 (x64, x86)
KB4570509
Windows Server 2008 R2
Service Pack 1 (x64)
KB4570506
Windows Server 2012
Server Core
KB4570507
Standard
KB4570507
Windows Server 2012 R2
Server Core
KB4570508
Standard
KB4570508
Windows Server 2016
Server Core
KB4571694
Standard
KB4571694
Windows Server 2019
Server Core
KB4570505
Standard
KB4570505
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1046