The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of VSTO

Microsoft: executing DLL code
An attacker can create a malicious DLL, and then put it in the current directory of a Microsoft application, in order to execute code...
VIGILANCE-VUL-23108
Visual Studio: Cross Site Request Forgery via ASP.NET MVC5/6
An attacker can trigger a Cross Site Request Forgery in ASP.NET MVC5/6 of Visual Studio, in order to force the victim to perform operations...
3137909, VIGILANCE-VUL-18913
Microsoft DIA SDK: memory corruption via msdia.dll
An attacker can invite the victim to open a malicious PDB file, to generate a memory corruption in msdia.dll of Microsoft DIA SDK, in order to trigger a denial of service, and possibly to execute code...
CVE-2014-3802, VIGILANCE-VUL-14778, ZDI-14-129
ASP.NET SignalR: Cross Site Scripting
An attacker can trigger a Cross Site Scripting in ASP.NET SignalR, in order to execute JavaScript code in the context of the web site...
2905244, BID-64093, CERTA-2013-AVI-669, CVE-2013-5042, MS13-103, VIGILANCE-VUL-13933
Windows, Office, .NET, Lync: code execution via TrueType
An attacker can invite the victim to open a document containing a malicious font, generating an error in the Windows kernel, in order to execute code...
2848295, CERTA-2013-AVI-400, CVE-2013-3129, MS13-054, VIGILANCE-VUL-13082
Visual Studio Team Foundation Server: Cross Site Scripting
An attacker can generate a Cross Site Scripting in Visual Studio Team Foundation Server, in order to execute JavaScript code in the context of the web site...
2719584, BID-55409, CERTA-2012-AVI-494, CVE-2012-1892, MS12-061, VIGILANCE-VUL-11931
Office, SQL Server, HIS, Visual Basic: code execution via MSCOMCTL.OCX
An attacker can invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on the victim's computer...
2720573, BID-54948, CERTA-2012-AVI-443, CVE-2012-1856, MS12-060, VIGILANCE-VUL-11851
Microsoft Office: code execution via DLL Preload
An attacker can create a malicious DLL and invite the victim to open an Office document in the same directory, in order to execute code...
2707960, BID-54303, CERTA-2012-AVI-376, CVE-2012-1854, MS12-046, VIGILANCE-VUL-11756
Windows: code execution via MSCOMCTL.OCX
An attacker can invite the victim to browse a web page loading the MSCOMCTL.OCX ActiveX, in order to execute code on the victim's computer...
2664258, BID-52911, CERTA-2012-AVI-206, CVE-2012-0158, MS12-027, VIGILANCE-VUL-11529
Microsoft Visual Studio: code execution via add-ins
A local attacker can add an add-in to Microsoft Visual Studio, and then invite another user to start the application, so the code located in the add-in is run with that user's privileges...
2651019, BID-52329, CERTA-2012-AVI-139, CVE-2012-0008, MS12-021, VIGILANCE-VUL-11437