.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2023-24897

7.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Visual Studio 2017 Version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2022 Version 17.2
Microsoft Visual Studio 2019 Version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 Version 17.0
Vendor
CVE Published:
14 June 2023

Badges

📰 News Worthy

Summary

A vulnerability exists in the .NET Framework and Visual Studio that could allow an attacker to execute arbitrary code on the target system. This flaw can be exploited if a user opens a specially crafted file that triggers the vulnerability. Successful exploitation may allow an attacker to install programs, view, change, or delete data, or create new accounts with full user rights. It is crucial for users to apply the latest updates provided by Microsoft to mitigate the risks associated with this vulnerability.

Affected Version(s)

.NET 6.0 Unknown 6.0.0 < 6.0.18

.NET 7.0 Unknown 7.0.0 < 7.0.7

Microsoft .NET Framework 3.5 and 4.6.2 Windows 10 for 32-bit Systems 4.7.0 < 10.0.10240.19983

News Articles

favicon imageSC Magazine

Microsoft fixes six critical vulnerabilities on Patch Tuesday

For the first time since March 2022, the company did not disclose any new zero-day bug fixes, but did address six critical vulnerabilities in different products.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by SC Magazine

  • Vulnerability published

  • Vulnerability Reserved

.