CVE-2020-1066

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft .net Framework 3.0; Microsoft .net Framework 3.5.1
Vendor: CVE Published:; 21 May 2020

Badges

👾 Exploit Exists🟡 Public PoC

Summary

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.

Affected Version(s)

Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2

Microsoft .NET Framework 3.5.1 Windows 7 for 32-bit Systems Service Pack 1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-1066-EXP
Created by cbwang505

cve-2020-1066
Created by xyddnljydd

References

https://portal.msrc.microsoft.com/en-US/security-guidance...

x_refsource_MISC

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Mar 7, 2021
👾
Exploit known to exist
Mar 7, 2021
Vulnerability published
May 21, 2020
Vulnerability Reserved
Nov 4, 2019

Collectors

NVD DatabaseMitre Database2 Proof of Concept(s)