Attacker Value
Very Low
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown

.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help

Last updated February 13, 2020

Description

A command-line injection vulnerability exists in the core .NET class method System.Windows.Forms.Help::ShowHelp. It allows an attacker who lacks the "UnmanagedCode" permission to nevertheless directly control the arguments passed to a "ShellExecute" invocation of the user's default browser. In practice, an attacker who can run arbitrary .NET code inside a .NET PartialTrust sandbox that grants the "WebPermission" permission for any URL can inject arbitrary parameters, after the first one, into the command line of the user's default browser.

Technical Analysis

Documentation was updated to discuss the security risk; MS does not consider this a privilege boundary.
