CyberSec.Space Logo
Back to CVE Browser

CVE-2020-0646

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score39.0260%
EPSS Percentile89.07th
PublishedJan 14, 2020
Last ModifiedOct 29, 2025

Vulnerability Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 3.0
πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

.net Framework

= 4.6.2
πŸ“¦
Microsoft

.net Framework

= 4.7
πŸ“¦
Microsoft

.net Framework

= 4.7.1
πŸ“¦
Microsoft

.net Framework

= 4.7.2
πŸ“¦
Microsoft

.net Framework

= 4.8
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 4.5.2
πŸ“¦
Microsoft

.net Framework

= 4.6
πŸ“¦
Microsoft

.net Framework

= 4.6.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646
πŸ”— http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0646

Related Vulnerabilities

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...