CVE-2020-16856

4 documents4 sources

Severity

7.8HIGH

EPSS

12.1%

top 6.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10

Microsoft Microsoft Visual Studio 2012 Update 5 Microsoft Microsoft Visual Studio 2013 Update 5 Microsoft Microsoft Visual Studio 2015 Update 3 +7 more

Timeline

PublishedSep 11

Latest updateOct 15

Description

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages10 packages

▶CVEListV5microsoft/microsoft_visual_studio_2012_update_511.0.0 — publication

▶CVEListV5microsoft/microsoft_visual_studio_2013_update_512.0.0 — publication

▶CVEListV5microsoft/microsoft_visual_studio_2015_update_314.0.0 — publication

▶CVEListV5microsoft/microsoft_visual_studio_2019_version_16.016.0 — publication

▶CVEListV5microsoft/microsoft_visual_studio_2017_version_15.9_(includes_15.0_-_15.8)15.9.0 — publication

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

CVEList

Visual Studio Remote Code Execution Vulnerability↗2020-09-11

▶

📋Vendor Advisories

2

Oracle

Oracle Oracle Siebel CRM Risk Matrix: Build System (Visual Studio) — CVE-2020-16856↗2022-10-15

▶

Microsoft

Visual Studio Remote Code Execution Vulnerability↗2020-09-08

▶

CVE-2020-16856 (HIGH CVSS 7.8) | A remote code execution vulnerabili | cvebase.io