The vulnerability of the Microsoft .NET Framework software platform, Microsoft Visual Studio for software development, and Microsoft SharePoint Server and Microsoft SharePoint Enterprise Server packages, related to errors in processing XML requests, allows a perpetrator to execute arbitrary code.

🗓️ 17 Jul 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

XML processing errors in NET Framework, Visual Studio, and SharePoint enable remote code execution.

Reporter	Title	Published	Views	Family All 146
0day.today	SharePoint DataSet / DataTable Deserialization Exploit	1 Aug 202000:00	–	zdt
0day.today	Microsoft SharePoint Server 2019 - Remote Code Execution Exploit	18 Aug 202000:00	–	zdt
0day.today	Microsoft SharePoint Server 2019 - Remote Code Execution Exploit (2)	23 Jul 202100:00	–	zdt
ALT Linux	Security fix for the ALT Linux 10 package dotnet-bootstrap-7.0 version 3.1.6-alt1	2 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package dotnet-coreclr-3.1 version 3.1.6-alt1	3 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package dotnet-bootstrap-5.0 version 3.1.6-alt1	2 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.6-alt1	3 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 9 package dotnet-bootstrap-3.1 version 3.1.6-alt1	2 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package dotnet-bootstrap-3.1 version 3.1.6-alt1	2 Aug 202000:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package dotnet-bootstrap-5.0 version 3.1.6-alt1	2 Aug 202000:00	–	altlinux

Vulners

Node

microsoft .net_coreMatch2.1

OR

microsoft microsoft_visual_studio_2019Match16.0

OR

microsoft .net_coreMatch3.1

OR

microsoft microsoft_visual_studio_2019Range16.0–16.3

OR

microsoft microsoft_visual_studio_2019Range16.0–16.5

OR

microsoft microsoft_visual_studio_2017Range15.0–15.9

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-1147
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2020071463
access	www.access.redhat.com/security/cve/CVE-2020-1147
packetstormsecurity	www.packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
altsp	www.altsp.su/obnovleniya-bezopasnosti/
cisa	www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
web	www.web.nvd.nist.gov/view/vuln/detail

24 Sep 2024 00:00Current

CVSS 39.8

CVSS 210

EPSS0.9343

xml processing errors dotnet framework visual studio sharepoint server remote code execution