CVE-2020-1066

EUVD-2020-11957
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
microsoft.net_framework
3.0:sp2
microsoft.net_framework
3.5.1
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 7
Service Pack 1 (x64, x86)
KB4556403
Windows Server 2008
Service Pack 2 (x64, x86)
KB4556406
Windows Server 2008 R2
Service Pack 1 (x64)
KB4556403
Service Pack 1 Server Core (x64)
KB4556403
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066