CVE-2020-1046

high

Microsoft

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

11.3%

Exploitation probability in 30 days

Top 7% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: August 17, 2020 (2096 days ago)

Last Modified: February 23, 2026

Vendor: Microsoft

Description

A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.

CWE

NVD-CWE-noinfo

Affected Products

microsoft .net framework

References

🔗 portal.msrc.microsoft.com 🔗 portal.msrc.microsoft.com

CVE-2020-1046

Vulnerability Report

Description

CWE

Affected Products

References