.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2023-24895

7.8HIGH

Key Information:

Vendor: Microsoft
Status: .net 7.0; Microsoft Visual Studio 2022 Version 17.0; Microsoft Visual Studio 2022 Version 17.2; Microsoft Visual Studio 2022 Version 17.4
Vendor: CVE Published:; 14 June 2023

Summary

This vulnerability affects the .NET Framework and Visual Studio, allowing attackers to execute arbitrary code on the host machine. Successful exploitation could lead to unauthorized access, data breaches, or further network compromise. Users are advised to apply the latest security updates provided by Microsoft to mitigate risks associated with this vulnerability.

Affected Version(s)

.NET 7.0 Unknown 7.0.0 < 7.0.7

Microsoft .NET Framework 2.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 2.0.0 < 3.0.6920.8954; 2.0.50727.8970

Microsoft .NET Framework 3.0 Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 3.0.0 < 3.0.6920.8954; 2.0.50727.8970

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Jan 31, 2023