Bug 1851857 (CVE-2020-1066) - CVE-2020-1066 .NET: local elevation of privilege
Summary: CVE-2020-1066 .NET: local elevation of privilege
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-1066
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1851858
TreeView+ depends on / blocked
 
Reported: 2020-06-29 09:17 UTC by msiddiqu
Modified: 2021-02-16 19:45 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-06-29 14:24:00 UTC
Embargoed:


Attachments (Terms of Use)

Description msiddiqu 2020-06-29 09:17:25 UTC
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066

Comment 2 Stefan Cornelius 2020-06-29 14:24:04 UTC
Statement:

This only affects the .NET Framework and not .NET Core.


Note You need to log in before you can comment on or make changes to this bug.