PoC Released for Critical CVE-2020-1147 flaw, SharePoint servers exposed to hack

From securityaffairs.co

CVE-2020-1147 is a critical vulnerability in .NET Framework, SharePoint, and Visual Studio that was recently addressed by Microsoft with the release of the July 2020 Patch Tuesday security updates.

The flaw is caused by the lack of check of the source markup of XML file input, it could be exploited by an attacker to run arbitrary code in the context of the process where deserialization of XML content occurs.

“A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.” reads the security advisory published by Microsoft.

Read more…