CVE-2020-1066 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	.Net Framework	3.0
Microsoft	Windows Server 2008	-
Microsoft	Windows 7	-

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066PatchVendor Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066PatchVendor Advisory

FAQ

What is CVE-2020-1066?

CVE-2020-1066 is a vulnerability with a CVSS score of 7.8 (HIGH). An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the...

How severe is CVE-2020-1066?

CVE-2020-1066 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-1066?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft .Net Framework, Microsoft Windows Server 2008, Microsoft Windows 7.