CVE-2020-0606 – microsoft.windowsdesktop.app.ref

Package

Manager: nuget
Name: microsoft.windowsdesktop.app.ref
Vulnerable Version: =3.0.1 || >=3.0.1 <3.0.2 || =3.1.0 || >=3.1.0 <3.1.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.39301 pctl0.97177

Details

Remote code execution in Microsoft.WindowsDesktop.App.Ref A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

Metadata

Created: 2022-05-24T17:06:16Z
Modified: 2022-07-28T22:08:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r4mw-gxf7-vxr9/GHSA-r4mw-gxf7-vxr9.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-r4mw-gxf7-vxr9
Finding: F184
Auto approve: 1