PT-2020-3077 · Microsoft+3 · Sharepoint Server+5
Published: 2020-07-14 · Updated: 2026-02-14 · CVE-2020-1147
CVSS v2.0: 10 (High) | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
.NET Framework versions prior to the fixed version
Microsoft SharePoint versions prior to the fixed version
Visual Studio versions prior to the fixed version
Description
A remote code execution issue exists due to the software's failure to properly check the source markup of XML file input. This allows an attacker to execute arbitrary code in the context of the process responsible for deserialization of the XML content. The issue is related to errors in processing XML requests. To exploit this vulnerability, an attacker could upload a specially crafted document to a server utilizing an affected product to process content.
Recommendations
For .NET Framework versions prior to the fixed version, update to the latest version to resolve the issue.
For Microsoft SharePoint versions prior to the fixed version, update to the latest version to resolve the issue.
For Visual Studio versions prior to the fixed version, update to the latest version to resolve the issue.
As a temporary workaround, consider restricting the use of the DataSet and DataTable types in .NET to minimize the risk of exploitation.
Avoid uploading specially crafted documents to servers utilizing affected products until the issue is resolved.
Affected Products
.NET Framework
ALT Linux
CentOS
SharePoint Server
Red Hat
Visual Studio