CVE-2020-1350— Microsoft Windows DNS Server 输入验证错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2020-1350の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
N/A
ソース: NVD (National Vulnerability Database)
脆弱性説明
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.
ソース: NVD (National Vulnerability Database)
CVSS情報
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
N/A
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Microsoft Windows DNS Server 输入验证错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统。 Microsoft Windows DNS Server 存在输入验证错误漏洞,该漏洞源于程序无法正确处理请求。攻击者可通过发送恶意的请求利用该漏洞在本地系统帐户的上下文中运行任意代码。以下产品及版本受到影响:Windows Server 2008 SP2,Windows Server 2008 R2 SP1,Windows Server 2012,Windows Server 2012 R2,Windo
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Microsoft | Windows Server | 2019 | - | |
| Microsoft | Windows Server, version 1909 (Server Core installation) | unspecified | - | |
| Microsoft | Windows Server, version 1903 (Server Core installation) | unspecified | - | |
| Microsoft | Windows Server, version 2004 (Server Core installation) | unspecified | - |
II. CVE-2020-1350の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | HoneyPoC: Proof-of-Concept (PoC) script to exploit SIGRed (CVE-2020-1350). Achieves Domain Admin on Domain Controllers running Windows Server 2000 up to Windows Server 2019. | https://github.com/ZephrFish/CVE-2020-1350_HoneyPoC | POC詳細 |
| 2 | None | https://github.com/mr-r3b00t/CVE-2020-1350 | POC詳細 |
| 3 | Fake exploit tool, designed to rickroll users attempting to actually exploit. | https://github.com/zoomerxsec/Fake_CVE-2020-1350 | POC詳細 |
| 4 | This Powershell Script is checking if your server is vulnerable for the CVE-2020-1350 Remote Code Execution flaw in the Windows DNS Service | https://github.com/T13nn3s/CVE-2020-1350 | POC詳細 |
| 5 | Detection of attempts to exploit Microsoft Windows DNS server via CVE-2020-1350 (AKA SIGRed) | https://github.com/corelight/SIGRed | POC詳細 |
| 6 | Windows registry mitigation response to CVE-2020-1350 | https://github.com/jmaddington/dRMM-CVE-2020-1350-response | POC詳細 |
| 7 | A denial-of-service proof-of-concept for CVE-2020-1350 | https://github.com/maxpl0it/CVE-2020-1350-DoS | POC詳細 |
| 8 | Denial of Service PoC for CVE-2020-1350 (SIGRed) | https://github.com/captainGeech42/CVE-2020-1350 | POC詳細 |
| 9 | CVE-2020-1350 Proof-of-Concept | https://github.com/connormcgarr/CVE-2020-1350 | POC詳細 |
| 10 | Scanner and Mitigator for CVE 2020-1350 | https://github.com/graph-inc/CVE-2020-1350 | POC詳細 |
| 11 | DNS Vulnerability - CVE-2020-1350 | https://github.com/CVEmaster/CVE-2020-1350 | POC詳細 |
| 12 | A powershell script to deploy the registry mitigation key for CVE-2020-1350 | https://github.com/gdwnet/cve-2020-1350 | POC詳細 |
| 13 | A registry-based workaround can be used to help protect an affected Windows server, and it can be implemented without requiring an administrator to restart the server. Because of the volatility of this vulnerability, administrators may have to implement the workaround before they apply the security update in order to enable them to update their systems by using a standard deployment cadence. | https://github.com/simeononsecurity/CVE-2020-1350-Fix | POC詳細 |
| 14 | Comprueba si su servidor DNS es vulnerable a la ejecución remota de código. | https://github.com/5l1v3r1/CVE-2020-1350-checker.ps1 | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2020-1350のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Microsoft · 2020-07-14 · 123 CVEs total
| CVE-2020-1336 | 7.8 HIGH | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2020-1429 | Microsoft Windows Error Reporting Manager 安全漏洞 | |
| CVE-2020-1430 | Microsoft Windows UPnP 安全漏洞 | |
| CVE-2020-1428 | Microsoft Windows Network Connections Service 安全漏洞 | |
| CVE-2020-1427 | Microsoft Windows Network Connections Service 安全漏洞 | |
| CVE-2020-1426 | Microsoft Windows Kernel 信息泄露漏洞 | |
| CVE-2020-1424 | Microsoft Windows Update Stack 安全漏洞 | |
| CVE-2020-1423 | Microsoft Windows Subsystem for Linux 安全漏洞 | |
| CVE-2020-1422 | Microsoft Windows Runtime 安全漏洞 | |
| CVE-2020-1421 | Microsoft Windows 安全漏洞 | |
| CVE-2020-1420 | Microsoft Windows Error Reporting 信息泄露漏洞 | |
| CVE-2020-1419 | Microsoft Windows Kernel 缓冲区错误漏洞 | |
| CVE-2020-1418 | Microsoft Windows Diagnostics Execution Service 输入验证错误漏洞 | |
| CVE-2020-1416 | Microsoft Visual Studio和Visual Studio Code 安全漏洞 | |
| CVE-2020-1415 | Microsoft Windows Runtime 安全漏洞 | |
| CVE-2020-1414 | Microsoft Windows Runtime 安全漏洞 | |
| CVE-2020-1413 | Microsoft Windows Runtime 安全漏洞 | |
| CVE-2020-1403 | Microsoft Internet Explorer VBScript Engine 缓冲区错误漏洞 | |
| CVE-2020-1402 | Microsoft Windows ActiveX Installer Service 安全漏洞 | |
| CVE-2020-1401 | Microsoft Jet Database Engine 缓冲区错误漏洞 |
Showing 20 of 123 CVEs. View all on vendor page →
IV. 関連脆弱性
同じベンダー: Microsoft
- CVE-2026-42826
Azure DevOps Information Disclosure Vulnerability - CVE-2026-35428
Azure Cloud Shell Spoofing Vulnerability - CVE-2026-35435
Azure AI Foundry Elevation of Privilege Vulnerability - CVE-2026-34327
Microsoft Partner Center Spoofing Vulnerability - CVE-2026-33844
Azure Managed Instance for Apache Cassandra Remote Code Exec
V. CVE-2020-1350へのコメント
まだコメントはありません