CVE-2020-0606

Name of the Vulnerable Software and Affected Versions .NET Framework (affected versions not specified) .NET Core (affected versions not specified)

Description A remote code execution issue exists due to insufficient input validation. An attacker could exploit this to run arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full rights. Exploitation requires a user to open a specially crafted file with an affected version of .NET Framework.

Recommendations For .NET Framework, update to a version that includes the fix for this issue. For .NET Core, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of .NET Framework and .NET Core until a patch is available. Avoid opening specially crafted files with affected versions of .NET Framework to minimize the risk of exploitation.