CVE-2020-1066

HIGH EXPLOITED RANSOMWARE

.NET Framework - Privilege Escalation

Title source: llm

Description

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by correcting how .NET Framework activates COM objects., aka '.NET Framework Elevation of Privilege Vulnerability'.

Exploits (4)

nomisec WORKING POC 187 stars

by cbwang505 · local

https://github.com/cbwang505/CVE-2020-1066-EXP

View Code ZIP pw:eip

nomisec STUB 1 stars

by xyddnljydd · poc

https://github.com/xyddnljydd/cve-2020-1066

View Code ZIP pw:eip

patchapalooza WRITEUP

by Ascotbe · local

https://github.com/Ascotbe/Kernelhub

View Code ZIP pw:eip

patchapalooza WORKING POC

by cbwang505 · poc

https://gitee.com/cbwang505/CVE-2020-1066-EXP

View Code ZIP pw:eip

References (1)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1066

Scores

CVSS v3 7.8

EPSS 0.2970

EPSS Percentile 96.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-12-08

Ransomware Use Confirmed

Status published

Products (2)

microsoft/.net_framework 3.0 sp2

microsoft/.net_framework 3.5.1

Published May 21, 2020

Tracked Since Feb 18, 2026