CVE-2019-1077

5 documents5 sources

Severity

5.0MEDIUM

EPSS

0.6%

top 31.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Microsoft Visual Studio 2017 Microsoft Microsoft Visual Studio 2019 Microsoft Visual Studio 2017 +1 more

Timeline

PublishedJul 15

Latest updateMay 24

Description

An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages4 packages

▶NVDmicrosoft/visual_studio_201715.9

▶NVDmicrosoft/visual_studio_201916.0, 16.1+1

▶CVEListV5microsoft/microsoft_visual_studio_2017version 15.9

▶CVEListV5microsoft/microsoft_visual_studio_201916.0, 16.1+1

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-v6mc-r5p8-5hxq: An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevatio↗2022-05-24

▶

CVEList

CVE-2019-1077: An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevatio↗2019-07-15

▶

📋Vendor Advisories

Microsoft

Visual Studio Elevation of Privilege Vulnerability↗2019-07-09

▶

💬Community

Bugzilla

CVE-2017-18594 nmap: denial of service condition due to a double free when SSH connection fails↗2019-09-05

▶