Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1yNG13LWd4ZjctdnhyOc4AAjRD
Remote code execution in Microsoft.WindowsDesktop.App.Ref
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.
Permalink: https://github.com/advisories/GHSA-r4mw-gxf7-vxr9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1yNG13LWd4ZjctdnhyOc4AAjRD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-r4mw-gxf7-vxr9, CVE-2020-0606
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-0606
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606
- https://github.com/dotnet/announcements/issues/149
- https://github.com/github/advisory-database/issues/302
- https://github.com/advisories/GHSA-r4mw-gxf7-vxr9
Affected Packages
nuget:Microsoft.WindowsDesktop.App.Runtime.win-x64
Versions: >= 3.1.0, < 3.1.11, >= 3.0.0, < 3.0.2Fixed in: 3.1.11, 3.0.2
nuget:Microsoft.WindowsDesktop.App.Runtime.win-x86
Versions: >= 3.1.0, < 3.1.11, >= 3.0.0, < 3.0.2Fixed in: 3.1.11, 3.0.2
nuget:Microsoft.WindowsDesktop.App.Ref
Versions: = 3.1.0, = 3.0.1Fixed in: 3.1.1, 3.0.2