HTTP: Microsoft .NET Framework SharePoint and Visual Studio Insecure Deserialization

This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework, SharePoint and Visual Studio. A successful attack can lead to arbitrary code execution.

Extended Description

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Affected Products

Microsoft visual_studio_2017

References

CVE: CVE-2020-1147

Short Name
HTTP:STC:MS-NET-SP-VS-INSEC-DES
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
.NET CVE-2020-1147 Deserialization Framework Insecure Microsoft SharePoint Studio Visual and
Release Date
07/30/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Microsoft

CVSS Score

6.8

Found a potential security threat?