Описание
Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain the privileges of the authenticated user.
According to the CVSS metric, the attack vector is local (AV:L), privileges are low (PR:L), and user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an authenticated attacker to place a specially crafted .dll file in a local network location. When a victim runs this file, it loads the malicious DLL.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Visual Studio Tools for Applications (VSTA) 2019 | ||
| Visual Studio Tools for Applications (VSTA) 2022 | ||
| SQL Server Management Studio 20.2 | ||
| VSTA 2022 SDK | ||
| VSTA 2019 SDK |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
Уязвимость набора инструментов для настройки приложений Microsoft Visual Studio Tools for Applications (VSTA), связанная с неконтролируемым элементом пути поиска, позволяющая нарушителю повысить свои привилегии
EPSS
7.3 High
CVSS3