Intrusion Prevention

MS.NET.Framework.XPS.File.Parsing.Remote.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Microsoft ASP.NET Core.
The vulnerability is due to improper input validation on XPS files. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted XPS file using the affected .NET Framework API. Successful exploitation could allow the attacker to execute arbitrary code under the security context of the user.

Affected Products

Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7
Microsoft .NET Framework 4.7.1
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.8
Microsoft ASP.NET Core 2.1
Microsoft ASP.NET Core 3.0
Microsoft ASP.NET Core 3.1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605

CVE References

CVE-2020-0605