MSRC Microsoft Visual Studio 2022 Version 17.10 vulnerabilities

47 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.10.

Total CVEs: 47
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 36, MEDIUM 8, LOW 1

Vulnerabilities

Page 3 of 3
CVE-2024-35272 | HIGH | CVSS 8.8 | 2024-07-09
CVE-2024-35272 [HIGH] CWE-122 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability? An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning
msrc
CVE-2024-35264 | HIGH | CVSS 8.1 | 2024-07-09
CVE-2024-35264 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this by closing an HTTP/3 stream while the request body is b
msrc
CVE-2024-38095 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2024-38095 [HIGH] CWE-20 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/Announcements/issues/64
Reference: https://dotnet.microsoft.c
msrc
CVE-2024-30105 | HIGH | CVSS 7.5 | 2024-07-09
CVE-2024-30105 [HIGH] CWE-400 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/8.0
Reference: https://support.microsoft.com/help/5041081
Remediat
msrc
CVE-2024-29187 | HIGH | CVSS 7.3 | 2024-06-11
CVE-2024-29187 [HIGH] CWE-284 GitHub: CVE-2024-29187 WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Description: Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An au
msrc
CVE-2024-30052 | MEDIUM | CVSS 4.7 | 2024-06-11
CVE-2024-30052 [MEDIUM] CWE-693 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate tha
msrc
CVE-2024-29060 | MEDIUM | CVSS 6.7 | 2024-06-11
CVE-2024-29060 [MEDIUM] CWE-284 Visual Studio Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authenticated attacker could create a malicious extension and then wait for an authenticated user to create a new Visual Studio project that uses that extension. The result is that the attacker could gain the
msrc