Msrc Microsoft Visual Studio 2017 Version 15.9 vulnerabilities

CVE-2020-1161 [HIGH] ASP.NET Core Denial of Service Vulnerability ASP.NET Core Denial of Service Vulnerability Description: A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing speci

CVE-2020-1108 [HIGH] .NET Core & .NET Framework Denial of Service Vulnerability .NET Core & .NET Framework Denial of Service Vulnerability Description: A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core or .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated a

CVE-2020-0900 [MEDIUM] Visual Studio Extension Installer Service Elevation of Privilege Vulnerability Visual Studio Extension Installer Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions. To exploit the vulnerability, an attacker wou

CVE-2020-0899 [MEDIUM] Microsoft Visual Studio Elevation of Privilege Vulnerability Microsoft Visual Studio Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. To exploit this vulnerability, an attacker would first have to log on

CVE-2020-0793 [HIGH] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. Th

CVE-2020-0810 [HIGH] Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that

CVE-2020-0884 [LOW] Microsoft Visual Studio Spoofing Vulnerability Microsoft Visual Studio Spoofing Vulnerability Description: A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL. An attacker who successfully exploited this vulnerability could compromise the access tokens, exposing security and privacy risks. To exploit this vulnerability, an attacker would need to monitor the network traffic between a client machine and server while

CVE-2019-1387 [HIGH] Git for Visual Studio Remote Code Execution Vulnerability Git for Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configu

CVE-2019-1352 [HIGH] Git for Visual Studio Remote Code Execution Vulnerability Git for Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configu

CVE-2019-1354 [HIGH] Git for Visual Studio Remote Code Execution Vulnerability Git for Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configu

CVE-2019-1349 [HIGH] Git for Visual Studio Remote Code Execution Vulnerability Git for Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configu

CVE-2019-1350 [HIGH] Git for Visual Studio Remote Code Execution Vulnerability Git for Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configu

CVE-2019-1351 [HIGH] Git for Visual Studio Tampering Vulnerability Git for Visual Studio Tampering Vulnerability Description: A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerabilit

CVE-2019-1425 [MEDIUM] Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system. To exploit this vulnerability, an attacker would need to trick an elevated user into downl

CVE-2019-1232 [HIGH] Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could e

CVE-2019-1211 [HIGH] Git for Visual Studio Elevation of Privilege Vulnerability Git for Visual Studio Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system p

CVE-2019-1113 [HIGH] .NET Framework Remote Code Execution Vulnerability .NET Framework Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system.

CVE-2019-1077 [MEDIUM] Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content in the security context of the local system. To exploit this vulnerability, an attacker would first have to log on to the system. An atta

CVE-2019-0727 [HIGH] Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability Description: An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the sys

CVE-2019-0809 [HIGH] Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the