CVE-2020-1066
Description
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka .NET Framework Elevation of Privilege Vulnerability.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
29.696
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| KB4556402, 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552939) | Windows |
| KB4556402, 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB4552939) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552964) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB4552964) (ESU) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4552919) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6 for Windows Server 2008 SP2 for x64 (KB4552919) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB4552919) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4552919) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 for x64 (KB4552919) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4552920) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 for x64 (KB4552920) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 R2 for x64 (KB4552920) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 (KB4552920) | Windows |
| KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 for x64 (KB4552920) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB4552940) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 (KB4552940) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 for x64 (KB4552940) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4552952) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.5.2 for Windows Server 2008 SP2 for x64 (KB4552952) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.5.2 for Windows Server 2008 R2 for x64 (KB4552952) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.5.2 for Windows 7 (KB4552952) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.5.2 for Windows 7 for x64 (KB4552952) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB4552965) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 3.5.1 for Windows 7 (KB4552965) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 3.5.1 for Windows 7 for x64 (KB4552965) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB4552953) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.8 for Windows 7 (KB4552953) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.8 for Windows 7 for x64 (KB4552953) (ESU) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB4552921) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 (KB4552921) | Windows |
| KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 for x64 (KB4552921) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4552951) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.6 for Windows Server 2008 SP2 for x64 (KB4552951) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB4552951) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4552951) (ESU) | Windows |
| .NET Framework Remote Code Execution Vulnerability for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 for x64 (KB4552951) (ESU) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-28955 | KB4556402, 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552939) (ESU) |
| PATCH-28956 | KB4556402, 2020-05 Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB4552939) (ESU) |
| PATCH-28974 | KB4556406, 2020-05 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552964) (ESU) |
| PATCH-28975 | KB4556406, 2020-05 Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 for x64 (KB4552964) (ESU) |
| PATCH-28989 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4552919) (ESU) |
| PATCH-28990 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6 for Windows Server 2008 SP2 for x64 (KB4552919) (ESU) |
| PATCH-28991 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB4552919) (ESU) |
| PATCH-28992 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4552919) (ESU) |
| PATCH-28993 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 for x64 (KB4552919) (ESU) |
| PATCH-28994 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4552920) (ESU) |
| PATCH-28995 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 for x64 (KB4552920) (ESU) |
| PATCH-28996 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 R2 for x64 (KB4552920) (ESU) |
| PATCH-28997 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 (KB4552920) (ESU) |
| PATCH-28998 | KB4556402, KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 for x64 (KB4552920) (ESU) |
| PATCH-28958 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB4552940) (ESU) |
| PATCH-28960 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 (KB4552940) (ESU) |
| PATCH-28961 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 for x64 (KB4552940) (ESU) |
| PATCH-28977 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4552952) (ESU) |
| PATCH-28978 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Server 2008 SP2 for x64 (KB4552952) (ESU) |
| PATCH-28979 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows Server 2008 R2 for x64 (KB4552952) (ESU) |
| PATCH-28980 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows 7 (KB4552952) (ESU) |
| PATCH-28981 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.5.2 for Windows 7 for x64 (KB4552952) (ESU) |
| PATCH-28982 | KB4556403, 2020-05 Security Only Update for .NET Framework 3.5.1 for Windows Server 2008 R2 for x64 (KB4552965) (ESU) |
| PATCH-28984 | KB4556403, 2020-05 Security Only Update for .NET Framework 3.5.1 for Windows 7 (KB4552965) (ESU) |
| PATCH-28985 | KB4556403, 2020-05 Security Only Update for .NET Framework 3.5.1 for Windows 7 for x64 (KB4552965) (ESU) |
| PATCH-28986 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB4552953) (ESU) |
| PATCH-28987 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.8 for Windows 7 (KB4552953) (ESU) |
| PATCH-28988 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.8 for Windows 7 for x64 (KB4552953) (ESU) |
| PATCH-28999 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2008 R2 for x64 (KB4552921) (ESU) |
| PATCH-29000 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 (KB4552921) (ESU) |
| PATCH-29001 | KB4556399, 2020-05 Security and Quality Rollup for .NET Framework 4.8 for Windows 7 for x64 (KB4552921) (ESU) |
| PATCH-29007 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4552951) (ESU) |
| PATCH-29008 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.6 for Windows Server 2008 SP2 for x64 (KB4552951) (ESU) |
| PATCH-29009 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2008 R2 for x64 (KB4552951) (ESU) |
| PATCH-29010 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 (KB4552951) (ESU) |
| PATCH-29011 | KB4556403, 2020-05 Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 for x64 (KB4552951) (ESU) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234