Msrc Microsoft Visual Studio 2013 Update 5 vulnerabilities

CVE-2023-36796 [HIGH] CWE-191 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-27911 [HIGH] CWE-122 AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce

CVE-2023-27910 [HIGH] AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio a

CVE-2023-27909 [HIGH] CWE-122 AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce t

CVE-2023-24897 [HIGH] CWE-122 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carrie

CVE-2023-33139 [MEDIUM] CWE-125 Visual Studio Information Disclosure Vulnerability Visual Studio Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure? The attack itself is carried out locally.

CVE-2023-23381 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-21808 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability .NET and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attac

CVE-2023-21815 [HIGH] CWE-191 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2022-35827 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-

CVE-2022-35826 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-

CVE-2022-35825 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-

CVE-2022-35777 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-

CVE-2020-16874 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could

CVE-2020-16856 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could

CVE-2019-1079 [MEDIUM] Visual Studio Information Disclosure Vulnerability Visual Studio Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create specially crafted XML data and convince an authenticat

CVE-2018-8172 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in Visual Studio software when the software does not check the source code of a file for an unbuilt project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take cont

CVE-2018-1037 [MEDIUM] Microsoft Visual Studio Information Disclosure Vulnerability Microsoft Visual Studio Information Disclosure Vulnerability Description: An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files. An attacker who took advantage of this information disclosure could view uninitialized memory from the Visual Studio instance used to compile the PDB file. To take adv