Msrc Microsoft Visual Studio 2022 Version 17.11 vulnerabilities
10 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.11.
Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2024-43498CRITICALCVSS 9.82024-11-12
CVE-2024-43498 [CRITICAL] CWE-843 .NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app.
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Re
msrc
CVE-2024-43499HIGHCVSS 7.52024-11-12
CVE-2024-43499 [HIGH] CWE-409 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6
Reference: https:/
msrc
CVE-2024-49044MEDIUMCVSS 6.72024-11-12
CVE-2024-49044 [MEDIUM] CWE-284 Visual Studio Elevation of Privilege Vulnerability
Visual Studio Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, user inter
msrc
CVE-2024-43484HIGHCVSS 7.52024-10-08
CVE-2024-43484 [HIGH] CWE-407 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/A
msrc
CVE-2024-43590HIGHCVSS 7.82024-10-08
CVE-2024-43590 [HIGH] CWE-284 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.
Visual C++ Redistributable Installer: Visual C++ Redistributable I
msrc
CVE-2024-38229HIGHCVSS 8.12024-10-08
CVE-2024-38229 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit S
msrc
CVE-2024-43483HIGHCVSS 7.52024-10-08
CVE-2024-43483 [HIGH] CWE-407 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/A
msrc
CVE-2024-43485HIGHCVSS 7.52024-10-08
CVE-2024-43485 [HIGH] CWE-407 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/Announcements/issues/71
Reference: https://my.visualstudio.c
msrc
CVE-2024-43603MEDIUMCVSS 5.52024-10-08
CVE-2024-43603 [MEDIUM] CWE-59 Visual Studio Collector Service Denial of Service Vulnerability
Visual Studio Collector Service Denial of Service Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.11
Reference: https
msrc
CVE-2024-35272HIGHCVSS 8.82024-07-09
CVE-2024-35272 [HIGH] CWE-122 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning
msrc