Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-24893

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Visual Studio Code
Vendor: CVE Published:; 11 April 2023

Summary

A remote code execution vulnerability has been identified in Microsoft Visual Studio Code, allowing attackers to execute arbitrary code on affected installations. This type of vulnerability can potentially lead to unauthorized access or control over the software environment, exposing sensitive information or compromising system integrity. Users are advised to apply necessary updates and patches to mitigate this risk.

Affected Version(s)

Visual Studio Code Unknown 1.0.0 < 1.77.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Jan 31, 2023