cnvd - cnvd-2020-03547

cnvd-2020-03547

Vulnerability from cnvd

Title: Microsoft .NET Framework远程代码执行漏洞（CNVD-2020-03547）

Description:

Microsoft .NET Framework是美国微软（Microsoft）公司的一种全面且一致的编程模型，也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库。

Microsoft .NET Framework中存在远程代码执行漏洞，该漏洞源于程序未能正确验证输入，攻击者可通过提交输入利用该漏洞控制受影响的系统。

Severity: 高

Patch Name: Microsoft .NET Framework远程代码执行漏洞（CNVD-2020-03547）的补丁

Patch Description:

Microsoft .NET Framework中存在远程代码执行漏洞，该漏洞源于程序未能正确验证输入，攻击者可通过提交输入利用该漏洞控制受影响的系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-0646

Impacted products

Name
['Microsoft .NET Framework 3.0 SP2', 'Microsoft .NET Framework 3.5', 'Microsoft .NET Framework 3.5.1', 'Microsoft .NET Framework 4.6', 'Microsoft .NET Framework 4.6.2', 'Microsoft .NET Framework 4.7', 'Microsoft .NET Framework 4.7.1', 'Microsoft .NET Framework 4.7.2', 'Microsoft .NET Framework 4.5.2', 'Microsoft .NET Framework 4.6.1', 'Microsoft .NET Framework 4.8']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-0646"
    }
  },
  "description": "Microsoft .NET Framework\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ecC#\u548cVisual Basic\u7f16\u7a0b\u8bed\u8a00\u3001\u516c\u5171\u8bed\u8a00\u8fd0\u884c\u5e93\u548c\u5e7f\u6cdb\u7684\u7c7b\u5e93\u3002\n\nMicrosoft .NET Framework\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-03547",
  "openTime": "2020-02-04",
  "patchDescription": "Microsoft .NET Framework\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u79cd\u5168\u9762\u4e14\u4e00\u81f4\u7684\u7f16\u7a0b\u6a21\u578b\uff0c\u4e5f\u662f\u4e00\u4e2a\u7528\u4e8e\u6784\u5efaWindows\u3001Windows Store\u3001Windows Phone\u3001Windows Server\u548cMicrosoft Azure\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u53d1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5305\u62ecC#\u548cVisual Basic\u7f16\u7a0b\u8bed\u8a00\u3001\u516c\u5171\u8bed\u8a00\u8fd0\u884c\u5e93\u548c\u5e7f\u6cdb\u7684\u7c7b\u5e93\u3002\r\n\r\nMicrosoft .NET Framework\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u8f93\u5165\uff0c\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u8f93\u5165\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft .NET Framework\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-03547\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft .NET Framework 3.0 SP2",
      "Microsoft .NET Framework 3.5",
      "Microsoft .NET Framework 3.5.1",
      "Microsoft .NET Framework 4.6",
      "Microsoft .NET Framework 4.6.2",
      "Microsoft .NET Framework 4.7",
      "Microsoft .NET Framework 4.7.1",
      "Microsoft .NET Framework 4.7.2",
      "Microsoft .NET Framework 4.5.2",
      "Microsoft .NET Framework 4.6.1",
      "Microsoft .NET Framework 4.8"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-0646",
  "serverity": "\u9ad8",
  "submitTime": "2020-01-16",
  "title": "Microsoft .NET Framework\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2020-03547\uff09"
}

CVE-2020-0646 (GCVE-0-2020-0646)

Vulnerability from cvelistv5

Published

2020-01-14 23:11

Modified

2025-07-30 01:45

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Remote Code Execution

Summary

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.

References

▼	URL	Tags
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646	x_refsource_MISC
	http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

Microsoft

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

Version: Windows 7 for 32-bit Systems Service Pack 1
Version: Windows 7 for x64-based Systems Service Pack 1
Version: Windows 8.1 for 32-bit systems
Version: Windows 8.1 for x64-based systems
Version: Windows RT 8.1
Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1
Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Version: Windows Server 2012
Version: Windows Server 2012 (Server Core installation)
Version: Windows Server 2012 R2
Version: Windows Server 2012 R2 (Server Core installation)

Microsoft	Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2	Version: Windows 10 Version 1607 for 32-bit Systems
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2016	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows RT 8.1	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012 R2	Version: unspecified
Microsoft	Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)	Version: 1903
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 4.6	Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Microsoft .NET Framework 3.0	Version: Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 Version: Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
Microsoft	Microsoft .NET Framework 3.5	Version: Windows 10 Version 1607 for 32-bit Systems Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows Server 2012 R2 Version: Windows Server 2012 R2 (Server Core installation)
Microsoft	Microsoft .NET Framework 3.5.1	Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft	Microsoft .NET Framework 4.5.2	Version: Windows 7 for 32-bit Systems Service Pack 1 Version: Windows 7 for x64-based Systems Service Pack 1 Version: Windows 8.1 for 32-bit systems Version: Windows 8.1 for x64-based systems Version: Windows RT 8.1 Version: Windows Server 2008 for 32-bit Systems Service Pack 2 Version: Windows Server 2008 for x64-based Systems Service Pack 2 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 Version: Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Version: Windows Server 2012 Version: Windows Server 2012 (Server Core installation) Version: Windows Server 2012 R2 Version: Windows Server 2012 R2 (Server Core installation)
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems	Version: unspecified
Microsoft	Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016	Version: unspecified

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:11:05.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-0646",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T15:18:23.162213Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-0646"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-91",
                "description": "CWE-91 XML Injection (aka Blind XPath Injection)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:45:50.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2020-0646 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2 (Server Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for 32-bit Systems"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2012",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "1903"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 for x64-based Systems Service Pack 2"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2 (Server Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 4.5.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 7 for 32-bit Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 7 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for 32-bit systems"
            },
            {
              "status": "affected",
              "version": "Windows 8.1 for x64-based systems"
            },
            {
              "status": "affected",
              "version": "Windows RT 8.1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 for 32-bit Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 for x64-based Systems Service Pack 2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
            },
            {
              "status": "affected",
              "version": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 (Server Core installation)"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2"
            },
            {
              "status": "affected",
              "version": "Windows Server 2012 R2 (Server Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u0027.NET Framework Remote Code Execution Injection Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-26T16:06:02.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-0646",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows RT 8.1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012"
                          },
                          {
                            "version_value": "Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows Server 2012 R2 (Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803  (Server Core Installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016  (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019  (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1903"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019  (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.6",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.0",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
                          },
                          {
                            "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows Server 2012"
                          },
                          {
                            "version_value": "Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows Server 2012 R2 (Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5.1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 4.5.2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 7 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows 8.1 for 32-bit systems"
                          },
                          {
                            "version_value": "Windows 8.1 for x64-based systems"
                          },
                          {
                            "version_value": "Windows RT 8.1"
                          },
                          {
                            "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
                          },
                          {
                            "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
                          },
                          {
                            "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012"
                          },
                          {
                            "version_value": "Windows Server 2012 (Server Core installation)"
                          },
                          {
                            "version_value": "Windows Server 2012 R2"
                          },
                          {
                            "version_value": "Windows Server 2012 R2 (Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803  (Server Core Installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016  (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u0027.NET Framework Remote Code Execution Injection Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646"
            },
            {
              "name": "http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-0646",
    "datePublished": "2020-01-14T23:11:38.000Z",
    "dateReserved": "2019-11-04T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:45:50.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted