Описание
.NET and Visual Studio Remote Code Execution Vulnerability
FAQ
According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L) and availability (A:L). What does that mean for this vulnerability?
While we cannot rule out the impact to Confidentiality, Integrity, and Availability, the ability to exploit this vulnerability by itself is limited. An attacker would need to combine this with other vulnerabilities to perform an attack.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a user trigger the payload in the application.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to chain other vulnerabilities in order to successfully gain unauthorized access to the target environment.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| .NET Core 3.1 | ||
| PowerShell 7.0 | ||
| .NET 5.0 | ||
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| PowerShell 7.1 | ||
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft Visual Studio 2022 version 17.0 | ||
| PowerShell 7.2 | ||
| .NET 6.0 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код
EPSS
6.3 Medium
CVSS3