Attacker Value
Low
0

CVE-2020-0605

Disclosure Date: January 14, 2020 Last updated March 10, 2020

Exploitability

(1 user assessed) Moderate
Attack Vector
Network
Privileges Required
None
User Interaction
Required

Description

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka ‘.NET Framework Remote Code Execution Vulnerability’. This CVE ID is unique from CVE-2020-0606.

Add Assessment

2
Ratings
Technical Analysis

A vulnerability exists in how Microsoft’s XPS documents are processed using .NET that can be leveraged to execute code using a deserialization attack. XPS files are effectively ZIP archives containing multiple member, of which ones .fdoc, and .fpage can be used as triggers. While this vulnerability was patched in May of 2020, it’s related to a similar vulnerability patched in January of 2020, which patched the same usage of the XPS document’s .fdseq member file types.

The default XPS viewer in Windows does not use .NET to render the XPS document making it unaffected by this vulnerability. A vulnerable application would need to be configured to process a maliciously crafted XPS document. Due to this, it is unclear if in practice this vulnerability will require user interaction or authentication to leverage.

See: https://www.mdsec.co.uk/2020/05/analysis-of-cve-2020-0605-code-execution-using-xps-files-in-net/

General Information

Additional Info

Technical Analysis