Описание
.NET Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a user trigger the payload in the application.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?
An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Visual Studio 2022 version 17.6 | ||
| Microsoft Visual Studio 2022 version 17.8 | ||
| Microsoft Visual Studio 2022 version 17.10 | ||
| .NET 8.0 installed on Linux | ||
| .NET 9.0 installed on Linux | ||
| Microsoft Visual Studio 2022 version 17.12 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
EPSS
7.3 High
CVSS3