CVE-2020-1147 is a critical vulnerability in .NET Framework, SharePoint, and Visual Studio that was recently addressed by Microsoft with the release of the July 2020 Patch Tuesday security updates.
The flaw is caused by the lack of check of the source markup of XML file input, it could be exploited by an attacker to run arbitrary code in the context of the process where deserialization of XML content occurs.
“A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.” reads the security advisory published by Microsoft.
Microsoft pointed out that the vulnerability is found in the DataSet and DataTable types which are .NET components that allow managing data sets.
An attacker can exploit the vulnerability by uploading a specially crafted document to a server utilizing an affected product to process content.
The CVE-2020-1147 vulnerability impacts .NET Core 2.1, .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8 (depending on the Windows version), SharePoint Enterprise Server 2013 Service Pack 1, SharePoint Enterprise Server 2016 , SharePoint Server 2010 Service Pack 2, SharePoint Server 2019, Visual Studio 2017 version 15.9, and Visual Studio 2019 versions 16.0, 16.4 and 16.6.
Now security expert Steven Seeley published technical details of the CVE-2020-1147 flaw along with a PoC exploit that works against SharePoint servers.
for this reason, administrators are recommended to install the available patches as soon as possible.
The availability of proof-of-concept (PoC) exploit could trigger a series of attacks against SharePoint servers, Microsoft has not identified any workarounds or mitigations for this vulnerability.
“Microsoft rate this bug with an exploitability index rating of 1 and we agree, meaning you should patch this immediately if you haven’t. It is highly likley that this gadget chain can be used against several applications built with .net so even if you don’t have a SharePoint Server installed, you are still impacted by this bug.” states Seeley.
(SecurityAffairs – hacking, CVE-2020-1147)