Описание
.NET and Visual Studio Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
According to the CVSS metrics, there are multiple scores. Why does the CVE have different scores and different severities for different products?
There are different scores depending on the product due to the way symbols are read and parsed. Visual Studio has the ability to automatically query symbol servers while .NET only uses symbols present on the disk, requiring the user to manually query the symbol.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2013 Update 5 | ||
| Microsoft Visual Studio 2015 Update 3 | ||
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | ||
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft Visual Studio 2022 version 17.0 | ||
| PowerShell 7.2 | ||
| .NET 6.0 | ||
| Microsoft Visual Studio 2022 version 17.2 | ||
| Microsoft Visual Studio 2022 version 17.4 | ||
| .NET 7.0 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.4 High
CVSS3
Связанные уязвимости
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
Уязвимость программных платформ Microsoft .NET Framework и .NET, связанная с недостаточной защитой служебных данных при реализации кода отладки, позволяющая нарушителю выполнить произвольный код
EPSS
8.4 High
CVSS3