8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0606

GHSA ID

GHSA-r4mw-gxf7-vxr9

EPSS Score

0.97119%

CWE

CWE-20

Published

5/24/2022

Updated

1/30/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-0606

CVE-2020-0606: Remote code execution in Microsoft.WindowsDesktop.App.Ref

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-0606

GHSA ID

GHSA-r4mw-gxf7-vxr9

EPSS Score

0.97119%

CWE

CWE-20

Published

5/24/2022

Updated

1/30/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
Microsoft.WindowsDesktop.App.Ref	nuget	= 3.0.1	3.0.2
Microsoft.WindowsDesktop.App.Ref	nuget	= 3.1.0	3.1.1
Microsoft.WindowsDesktop.App.Runtime.win-x86	nuget	>= 3.0.0, < 3.0.2	3.0.2
Microsoft.WindowsDesktop.App.Runtime.win-x86	nuget	>= 3.1.0, < 3.1.11	3.1.11
Microsoft.WindowsDesktop.App.Runtime.win-x64	nuget	>= 3.0.0, < 3.0.2	3.0.2
Microsoft.WindowsDesktop.App.Runtime.win-x64	nuget	>= 3.1.0, < 3.1.11	3.1.11

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on improper XAML markup validation in WPF components. While explicit patch diffs aren't available, Microsoft's advisory explicitly references XAML source validation fixes. XamlReader.Load is the canonical XAML parsing method that would require security checks for untrusted input. The medium confidence reflects the lack of direct commit evidence, but aligns with: 1) Vulnerability description mentioning markup processing 2) WPF's XAML processing architecture 3) Patch version increments in WindowsDesktop packages 4) CWE-20 (input validation) context.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* r*mot* *o** *x**ution vuln*r**ility *xists in .N*T so*tw*r* w**n t** so*tw*r* **ils to ****k t** sour** m*rkup o* * *il*.*n *tt**k*r w*o su***ss*ully *xploit** t** vuln*r**ility *oul* run *r*itr*ry *o** in t** *ont*xt o* t** *urr*nt us*r, *k* '.N*T

Reasoning

T** vuln*r**ility **nt*rs on improp*r X*ML m*rkup v*li**tion in WP* *ompon*nts. W*il* *xpli*it p*t** *i**s *r*n't *v*il**l*, Mi*roso*t's **visory *xpli*itly r***r*n**s X*ML sour** v*li**tion *ix*s. `X*mlR****r.Lo**` is t** **noni**l X*ML p*rsin* m*t*

8.8

Basic Information

Concerned about an active attack path?

CVE-2020-0606: Remote code execution in Microsoft.WindowsDesktop.App.Ref

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI