VYPR
← All advisories
High severityCISA KEVNVD Advisory· Published Jul 14, 2020· Updated Oct 21, 2025

CVE-2020-1147

CVE-2020-1147

Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.NETCore.AppNuGet
>= 2.1.0, < 2.1.202.1.20
Microsoft.NETCore.App.Runtime.linux-armNuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-arm64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-musl-arm64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-musl-x64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.linux-x64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.osx-x64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.rhel.6-x64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-armNuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-arm64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-x64NuGet
>= 3.1.0, < 3.1.63.1.6
Microsoft.NETCore.App.Runtime.win-x86NuGet
>= 3.1.0, < 3.1.63.1.6

Affected products

68
  • Microsoft/Microsoft SharePoint Enterprise Serverv5
    Range: 2016
  • Microsoft/Microsoft SharePoint Serverv5
    Range: 2019
  • Microsoft/Microsoft Visual Studio 2019v5
    Range: 16.0
  • Microsoft/Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)v5
    Range: unspecified
  • Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)v5
    Range: unspecified
  • Microsoft/Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)v5
    Range: unspecified
  • Microsoft/.NET Corev5
    Range: 2.1
  • Microsoft/Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows RT 8.1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)v5
    Range: 1903
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 4.6v5
    Range: Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 2.0v5
    Range: Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 3.0v5
    Range: Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2
  • Microsoft/Microsoft .NET Framework 3.5v5
    Range: Windows 8.1 for 32-bit systems
  • Microsoft/Microsoft .NET Framework 3.5.1v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 4.5.2v5
    Range: Windows 7 for 32-bit Systems Service Pack 1
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for x64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation)v5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for ARM64-based Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for 32-bit Systemsv5
    Range: unspecified
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 2004 for ARM64-based Systemsv5
    Range: unspecified

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.