Msrc Microsoft Visual Studio 2019 Version 16.11 vulnerabilities

CVE-2023-36793 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-36792 [HIGH] CWE-190 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-36796 [HIGH] CWE-191 Visual Studio Remote Code Execution Vulnerability Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim need

CVE-2023-36759 [MEDIUM] CWE-822 Visual Studio Elevation of Privilege Vulnerability Visual Studio Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? A domain user could use this vulnerability to elevate privileges to SYSTEM assigned integrity level. FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability re

CVE-2023-36897 [HIGH] CWE-20 Visual Studio Tools for Office Runtime Spoofing Vulnerability Visual Studio Tools for Office Runtime Spoofing Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on install to be compromised by the attacker. FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could bypass validation as a trusted source through a crafted certifica

CVE-2023-29349 [HIGH] CWE-191 Microsoft ODBC and OLE DB Remote Code Execution Vulnerability Microsoft ODBC and OLE DB Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an

CVE-2023-29012 [HIGH] CWE-23 GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists GitHub: CVE-2023-29012 Git CMD erroneously executes `doskey.exe` in current directory, if it exists FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds

CVE-2023-32026 [HIGH] CWE-122 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out

CVE-2023-27911 [HIGH] CWE-122 AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce

CVE-2023-29356 [HIGH] CWE-416 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out

CVE-2023-29007 [HIGH] CWE-77 GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` GitHub: CVE-2023-29007 Arbitrary configuration injection via `git submodule deinit` FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable

CVE-2023-32027 [HIGH] CWE-122 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out

CVE-2023-32028 [HIGH] CWE-122 Microsoft SQL OLE DB Remote Code Execution Vulnerability Microsoft SQL OLE DB Remote Code Execution Vulnerability FAQ: If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability? Yes, customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be

CVE-2023-32025 [HIGH] CWE-122 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out

CVE-2023-27910 [HIGH] AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio a

CVE-2023-27909 [HIGH] CWE-122 AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior FAQ: Why is this AutoDesk CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce t

CVE-2023-29011 [HIGH] CWE-23 GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio

CVE-2023-24897 [HIGH] CWE-122 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carrie

CVE-2023-25652 [HIGH] GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. P

CVE-2023-25815 [LOW] GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Ple