virus logo Intrusion Prevention

MS.SharePoint.Workflows.XOML.Remote.Code.Injection

description-logoDescription

This indicates an attack attempt to exploit an Remote Code Injection vulnerability in Microsoft .NET Framework.
The vulnerability is due to insufficient sanitizing of user supplied XML in the application. A remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

affected-products-logoAffected Products

Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7
Microsoft .NET Framework 4.7.1
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.8

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Applied the latest patch or upgrade from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-07-22 15.892 Default_action:pass:drop
2020-05-12 15.842
ID 48866
Created May 12, 2020
Updated Jul 21, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2020-0646
Known Exploited Yes
Exploit Prediction Score 97.46%
Default Action drop
Active
Affected OS Windows
Affected App Other