CVE-2020-1066

HIGH EXPLOITED RANSOMWARE

.NET Framework - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2020-1066 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns. EIP tracks 4 public exploits from researchers including cbwang505, xyddnljydd, Ascotbe.

AI-analyzed exploit summary: This repository contains a proof-of-concept exploit for CVE-2020-1066, a Windows privilege escalation vulnerability. The code includes utilities for manipulating Windows objects and directories, likely to exploit a flaw in the Windows kernel or file system handling.

Description

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects, aka '.NET Framework Elevation of Privilege Vulnerability'.

Exploits (4)

nomisec WORKING POC 187 stars
by cbwang505 · local
https://github.com/cbwang505/CVE-2020-1066-EXP

This repository contains a proof-of-concept exploit for CVE-2020-1066, a Windows privilege escalation vulnerability. The code includes utilities for manipulating Windows objects and directories, likely to exploit a flaw in the Windows kernel or file system handling.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Microsoft Windows (specific version not specified)
Auth required
Prerequisites: Local access to a vulnerable Windows system · Administrative or system-level privileges to execute the exploit
devstral-2 · analyzed Feb 16, 2026

nomisec STUB 1 star
by xyddnljydd · poc
https://github.com/xyddnljydd/cve-2020-1066

This repository contains auto-generated RPC client stubs for CVE-2020-1066, likely part of a larger exploit framework. The code is boilerplate MIDL-generated RPC bindings without exploitative logic.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Windows RPC (specific service unclear)
No auth needed
Prerequisites: RPC endpoint exposure
devstral-2 · analyzed Feb 16, 2026

patchapalooza WRITEUP
by Ascotbe · local
https://github.com/Ascotbe/Kernelhub

This repository is a collection of documentation and metadata for various Windows CVEs, including CVE-2003-0352, CVE-2006-3439, CVE-2008-1084, and others. It contains README files with descriptions and a Python script for generating documentation, but no functional exploit code for CVE-2020-1066.

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Windows (various versions)
No auth needed
Prerequisites: access to the repository
devstral-2 · analyzed Feb 23, 2026

patchapalooza WORKING POC
by cbwang505 · poc
https://gitee.com/cbwang505/CVE-2020-1066-EXP

This repository contains a functional exploit for CVE-2020-1066, a Windows privilege escalation vulnerability. The code includes utilities for manipulating file system objects and COM objects to exploit the vulnerability.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Windows (specific version not specified in provided code)
Auth required
Prerequisites: Local access to a vulnerable Windows system · Administrative privileges to execute the exploit
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3 7.8
EPSS 0.3311
EPSS Percentile 97.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2025-12-08
Ransomware Use Confirmed
Status published
Products (2)
microsoft/.net_framework 3.0 sp2
microsoft/.net_framework 3.5.1
Published May 21, 2020
Tracked Since Feb 18, 2026