.NET Framework Elevation of Privilege Vulnerability Affecting Microsoft Products
CVE-2020-1066
Key Information:
- Vendor: Microsoft
- CVE Published: 21 May 2020
Summary
A vulnerability in .NET Framework allows an attacker with access to the local machine to elevate their privileges. It stems from how .NET Framework activates COM objects: by exploiting that activation behavior, a malicious program can execute commands with higher user permissions. To protect against this vulnerability, users should apply the latest updates and security patches released by Microsoft.
Affected Version(s)
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
EPSS Score
29% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved