CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-0646

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score39.0260%
EPSS Percentile89.07th
Published2020年1月14日
Last Modified2025年10月29日

Vulnerability Description

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

Affected Platforms (CPE)

📦
Microsoft

.net Framework

= 3.0
📦
Microsoft

.net Framework

= 3.5
📦
Microsoft

.net Framework

= 4.6.2
📦
Microsoft

.net Framework

= 4.7
📦
Microsoft

.net Framework

= 4.7.1
📦
Microsoft

.net Framework

= 4.7.2
📦
Microsoft

.net Framework

= 4.8
📦
Microsoft

.net Framework

= 3.5.1
📦
Microsoft

.net Framework

= 4.5.2
📦
Microsoft

.net Framework

= 4.6
📦
Microsoft

.net Framework

= 4.6.1

References & Advisories

🔗 http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646
🔗 http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html
🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0646

関連する脆弱性情報

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2013-007310.0

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict ...

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...