Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2019-1486

Опубликовано: 10 дек. 2019
Источник: msrc
EPSS Низкий

Описание

Visual Studio Live Share Spoofing Vulnerability

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host. An attacker who successfully exploited this vulnerability could cause a connected guest's computer to open a browser and navigate to a URL without consent from the guest.

To exploit the vulnerability, an attacker would need to host a Live Share session and convince a targeted user to connect to the session.

The update addresses the vulnerability by prompting the Live Share guest for consent prior to browsing to the host-specified URL.

FAQ

I want to install the latest supported service baseline for Visual Studio. Do I need to install the previous versions first?

No. For both Visual Studio 2019 and Visual Studio 2017, the latest supported servicing baseline is cumulative. For example, if you need to install Visual Studio 2019 version 16.4 you do NOT first have to install any previous versions. See Visual Studio 2019 version 16.4 Release Notes for more information.

Обновления

ПродуктСтатьяОбновление
Microsoft Visual Studio 2019 version 16.0
Release Notes
Security Update
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Release Notes
Security Update
Microsoft Visual Studio Live Share extension
Release Notes
Security Update
Microsoft Visual Studio Code Live Share extension
Release Notes
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

EPSS

Процентиль: 52%
0.00292
Низкий

Связанные уязвимости

nvd логотип

CVE-2019-1486

CVSS3: 6.1
nvd
около 6 лет назад

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

github логотип

GHSA-3xvp-fcxr-3mvq

CVSS3: 6.1
github
больше 3 лет назад

A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.

fstec логотип

BDU:2019-04739

CVSS3: 4.7
fstec
около 6 лет назад

Уязвимость расширения Live Share средства разработки программного обеспечения Microsoft Visual Studio, позволяющая нарушителю перенаправить пользователя на вредоносный URL

EPSS

Процентиль: 52%
0.00292
Низкий