Description
Visual Studio Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires that the target system be set up in a specific manner and that the attacker have knowledge of that setup.
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
An authorized attacker with standard user privileges could place a malicious file in an online directory or in a local network location and then wait for the user to run the file.
According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a specially crafted file to be placed either in an online directory or in a local network location. When a victim runs this file, it loads the malicious DLL.
Updates
Product | Article | Update |
---|---|---|
Microsoft Visual Studio 2022 version 17.8 | ||
Microsoft Visual Studio 2022 version 17.10 | ||
Microsoft Visual Studio 2022 version 17.12 | ||
Microsoft Visual Studio 2022 version 17.14 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 7.1 High
Related vulnerabilities
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.