The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Visual Studio

computer vulnerability note CVE-2019-0727

Microsoft Visual Studio: privilege escalation via Standard Collector

Synthesis of the vulnerability

An attacker can bypass restrictions via Standard Collector of Microsoft Visual Studio, in order to escalate his privileges.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 15/05/2019.
Identifiers: CERTFR-2019-AVI-225, CVE-2019-0727, FG-VD-19-013, VIGILANCE-VUL-29299.

Description of the vulnerability

An attacker can bypass restrictions via Standard Collector of Microsoft Visual Studio, in order to escalate his privileges.

vulnerability bulletin 29203

Microsoft Visual Studio: memory corruption via __asm Generated Code

Synthesis of the vulnerability

An attacker can trigger a memory corruption via __asm Generated Code of Microsoft Visual Studio, in order to trigger a denial of service, and possibly to run code.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/05/2019.
Identifiers: VIGILANCE-VUL-29203, ZDI-19-448.

Description of the vulnerability

An attacker can trigger a memory corruption via __asm Generated Code of Microsoft Visual Studio, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2018-8172 CVE-2018-8232

Microsoft Visual Studio: vulnerabilities of July 2018

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: Visual Studio.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/12/2018.
Identifiers: CVE-2018-8172, CVE-2018-8232, VIGILANCE-VUL-28011.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.

computer vulnerability bulletin CVE-2018-8599

Microsoft Visual Studio: privilege escalation via Diagnostics Hub Standard Collector Service

Synthesis of the vulnerability

An attacker can bypass restrictions via Diagnostics Hub Standard Collector Service of Microsoft Visual Studio, in order to escalate his privileges.
Impacted products: Visual Studio, Windows 10, Windows 2016, Windows 2019.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 12/12/2018.
Identifiers: CERTFR-2018-AVI-598, CVE-2018-8599, VIGILANCE-VUL-28008.

Description of the vulnerability

An attacker can bypass restrictions via Diagnostics Hub Standard Collector Service of Microsoft Visual Studio, in order to escalate his privileges.

computer vulnerability note CVE-2018-0952

Microsoft Visual Studio: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of Microsoft Visual Studio, in order to escalate his privileges.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: document.
Creation date: 16/08/2018.
Identifiers: CERTFR-2018-AVI-399, CVE-2018-0952, VIGILANCE-VUL-26989.

Description of the vulnerability

An attacker can bypass restrictions of Microsoft Visual Studio, in order to escalate his privileges.

vulnerability bulletin CVE-2018-1037

Microsoft Visual Studio: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Microsoft Visual Studio, in order to obtain sensitive information.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 11/04/2018.
Identifiers: CERTFR-2018-AVI-181, CVE-2018-1037, VIGILANCE-VUL-25833.

Description of the vulnerability

An attacker can bypass access restrictions to data of Microsoft Visual Studio, in order to obtain sensitive information.

computer vulnerability bulletin 23108

Microsoft: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.
Impacted products: Office, Access, Office Communicator, Excel, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word, SQL Server, Visual Studio.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet server.
Creation date: 30/06/2017.
Identifiers: VIGILANCE-VUL-23108.

Description of the vulnerability

The Microsoft product uses external shared libraries (DLL).

However, if the working directory contains a malicious DLL, it is automatically loaded.

An attacker can therefore create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code.

vulnerability bulletin 18913

Visual Studio: Cross Site Request Forgery via ASP.NET MVC5/6

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery in ASP.NET MVC5/6 of Visual Studio, in order to force the victim to perform operations.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 10/02/2016.
Identifiers: 3137909, VIGILANCE-VUL-18913.

Description of the vulnerability

The Visual Studio product offers ASP.NET MVC5 and MVC6, used to create web services.

However, the origin of requests is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery in ASP.NET MVC5/6 of Visual Studio, in order to force the victim to perform operations.

computer vulnerability bulletin CVE-2014-3802

Microsoft DIA SDK: memory corruption via msdia.dll

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious PDB file, to generate a memory corruption in msdia.dll of Microsoft DIA SDK, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Visual Studio.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 21/05/2014.
Identifiers: CVE-2014-3802, VIGILANCE-VUL-14778, ZDI-14-129.

Description of the vulnerability

The Microsoft DIA SDK product can be installed with Visual Studio.

The debugger uses a file in PDB format. However, a malformed PDB file corrupts the memory of msdia.dll.

An attacker can therefore invite the victim to open a malicious PDB file, to generate a memory corruption in msdia.dll of Microsoft DIA SDK, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2013-5042

ASP.NET SignalR: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in ASP.NET SignalR, in order to execute JavaScript code in the context of the web site.
Impacted products: IIS, .NET Framework, Visual Studio.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 11/12/2013.
Identifiers: 2905244, BID-64093, CERTA-2013-AVI-669, CVE-2013-5042, MS13-103, VIGILANCE-VUL-13933.

Description of the vulnerability

The ASP.NET SignalR library is used to establish a communication between a web browser and a web server, using JavaScript.

However, it does not filter received data before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in ASP.NET SignalR, in order to execute JavaScript code in the context of the web site.