What is CVE-2020-1147?

CVE-2020-1147 is a vulnerability in Microsoft .Net Framework 2.0. Published 2020-07-14.

Is CVE-2020-1147 known to be exploited?

Yes. CVE-2020-1147 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 22 public proof-of-concept repositories are indexed.

Vulnerability in Microsoft .Net Framework 2.0

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote…

EPSS: 0.934 (99.8th percentile) — read the EPSS interpretation.

Affected products

Microsoft .Net Framework 2.0 — versions Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .Net Framework 3.0 — versions Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2, Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft .Net Framework 3.5 — versions Windows 8.1 for 32-bit systems, Windows 8.1 for x64-based systems, Windows Server 2012
Microsoft .Net Framework 3.5.1 — versions Windows 7 for 32-bit Systems Service Pack 1, Windows 7 for x64-based Systems Service Pack 1, Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft .Net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2 On Windows 10 Version 1607 For 32-bit Systems — versions unspecified
Microsoft .Net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2 On Windows 10 Version 1607 For X64-based Systems — versions unspecified
Microsoft .Net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2 On Windows Server 2016 — versions unspecified
Microsoft .Net Framework 3.5 And 4.6.2/4.7/4.7.1/4.7.2 On Windows Server 2016 (Server Core Installation) — versions unspecified
Microsoft .Net Framework 3.5 And 4.6/4.6.1/4.6.2 On Windows 10 For 32-bit Systems — versions unspecified
Microsoft .Net Framework 3.5 And 4.6/4.6.1/4.6.2 On Windows 10 For X64-based Systems — versions unspecified

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2021-11-03. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-05-03.

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147 (x_refsource_MISC)
packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserializati… (x_refsource_MISC)
packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Co… (x_refsource_MISC)
www.exploitalert.com/view-details.html (x_refsource_MISC)
packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Co… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1147?: CVE-2020-1147 is a vulnerability in Microsoft .Net Framework 2.0. Published 2020-07-14.
Is CVE-2020-1147 known to be exploited?: Yes. CVE-2020-1147 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 22 public proof-of-concept repositories are indexed.