Fwd: [CIVN-2020-0283] Remote Code Execution Vulnerability in Microsoft .NET Framework, SharePoint Server and Visual Studio

Remote Code Execution Vulnerability in Microsoft .NET Framework, SharePoint Server and Visual Studio

Severity Rating: HIGH

Software Affected 

•Microsoft SharePoint Server 2010 SP2

•Microsoft SharePoint Enterprise Server 2013 SP1

•Microsoft SharePoint Enterprise Server 2016

•Microsoft SharePoint Server 2019

•Microsoft Visual Studio 2017 version 15.0 to 15.9

•Microsoft Visual Studio 2019 version 16.0 to 16.6

•.NET Core versions 2.1 and 3.1

•Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8

•Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1

•Windows 8.1 for 32-bit systems and x64-based Systems SP1

•Windows RT 8.1

•Windows Server 2008 R2 for x64-based Systems SP1

•Windows Server 2012

•Windows Server 2012 R2

•Windows Server 2016

•Windows Server 2019

•Windows 10 for 32-bit Systems and x64-based Systems

•Windows 10 Version 1607 for 32-bit Systems and x64-based Systems

•Windows 10 Version 1709 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows 10 Version 1803 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows 10 Version 1809 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows 10 Version 1903 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows 10 Version 1909 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows 10 Version 2004 for 32-bit Systems, x64-based Systems, ARM64-based Systems

•Windows Server 2008 for 32-bit Systems SP2 and x64-based Systems SP2

•Windows Server 2008 R2 for x64-based Systems SP1 (Server Core installation)

•Windows Server 2012 (Server Core installation)

•Windows Server 2012 R2 (Server Core installation)

•Windows Server 2016 (Server Core installation)

•Windows Server 2019 (Server Core installation)

•Windows Server, version 1803 (Server Core Installation)

•Windows Server, version 1909 (Server Core installation)

•Windows Server, version 1903 (Server Core installation)

•Windows Server, version 2004 (Server Core installation)

Overview 

A vulnerability has been reported in Microsoft .NET Framework, SharePoint Server and Visual Studio which could allow a remote attacker to execute arbitrary code on a targeted system.

Description

This vulnerability exists in .NET Framework, Microsoft SharePoint and Visual Studio due to the failure of the software to check the source markup of XML file input. A remote attacker could exploit this vulnerability by uploading a specially crafted document to an affected server.

Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system in the context of the process responsible for deserialization of the XML content.

Solution

Apply appropriate patches as mentioned in Microsoft Security Guidance 

Vendor Information

Microsoft

References

CyberSecurityHelp

Red Hat Bugzilla

CVE Name

CVE-2020-1147