ET WEB_SPECIFIC_APPS Microsoft Sharepoint Authenticated WebParts TypeConverter Remote Code Execution (CVE-2020-0932)

SID: 2063648Rev: 111 views
Sourceet/open
CreatedJuly 22, 2025
UpdatedJuly 22, 2025
Classificationweb-application-attack
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Microsoft Sharepoint Authenticated WebParts TypeConverter Remote Code Execution (CVE-2020-0932)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/_vti_bin/WebPartPages.asmx"; fast_pattern; http.request_body; content:"|3c|RenderWebPartForEdit"; content:"|3c|property"; content:"System.Resources.ResXFileRef"; reference:url,www.zerodayinitiative.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters; reference:cve,2020-0932; classtype:web-application-attack; sid:2063648; rev:1; metadata:affected_product Microsoft_Sharepoint, attack_target Server, tls_state TLSDecrypt, created_at 2025_07_22, cve CVE_2020_0932, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2025_07_22, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

urlwww.zerodayinitiative.com/blog/2020/4/28/cve-2020-0932-remote-code-execution-on-microsoft-sharepoint-using-typeconverters
cve2020-0932

Metadata

affected productMicrosoft_Sharepoint
attack targetServer
tls stateTLSDecrypt
created at2025_07_22
deploymentInternal
confidenceMedium
signature severityMajor
tagExploit
updated at2025_07_22
mitre tactic idTA0001
mitre tactic nameInitial_Access
mitre technique idT1190
mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!