Intrusion PreventionMS.NET.Framework.XPS.File.Parsing.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft ASP.NET Core.
The vulnerability is due to improper input validation on XPS files. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted XPS file using the affected .NET Framework API. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.
Affected Products
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7
Microsoft .NET Framework 4.7.1
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.8
Microsoft ASP.NET Core 2.1
Microsoft ASP.NET Core 3.0
Microsoft ASP.NET Core 3.1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-08-12 | 15.904 | Sig Added |
| 2020-07-08 | 15.881 | Sig Added |
| 2020-06-30 | 15.876 | Default_action:pass:drop |
| 2020-06-15 | 15.864 |
| ID | 49251 |
| Created | Jun 15, 2020 |
| Updated | May 15, 2021 |
| Risk |
|
| CVE ID | CVE-2020-0605 |
| Exploit Prediction Score | 3.66% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |