Test ID:	1.3.6.1.4.1.25623.1.0.816552
Category:	Windows : Microsoft Bulletins
Title:	Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535102)
Summary:	This host is missing a critical security; update according to Microsoft KB4535102
Description:	Summary: This host is missing a critical security update according to Microsoft KB4535102 Vulnerability Insight: Multiple flaws exist due to: - Microsoft .NET Framework fails to check the source markup of a file. - Microsoft .NET Framework fails to validate input properly. Vulnerability Impact: Successful exploitation will allow an attacker to run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. Affected Software/OS: Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 7 SP1 and Microsoft Windows Server 2008 R2 SP1. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-0646 http://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646 Common Vulnerability Exposure (CVE) ID: CVE-2020-0605 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605 Common Vulnerability Exposure (CVE) ID: CVE-2020-0606 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.