Visual Studio Elevation of Privilege Vulnerability
CVE-2023-28262

7.8HIGH

Key Information:

Vendor: Microsoft
Status: Microsoft Visual Studio 2022 Version 17.2; Microsoft Visual Studio 2019 Version 16.11 (includes 16.0 - 16.10); Microsoft Visual Studio 2022 Version 17.0; Microsoft Visual Studio 2022 Version 17.4
Vendor: CVE Published:; 11 April 2023

Summary

An elevation of privilege vulnerability exists in Microsoft Visual Studio that could allow an attacker to gain elevated permissions on the affected system. This issue arises due to improper handling of certain operations within the application. Successful exploitation of this vulnerability could give an attacker the ability to execute arbitrary code in the context of the user running Visual Studio, potentially leading to unauthorized access and manipulation of sensitive data. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Unknown 16.11.0 < 16.11.26

Microsoft Visual Studio 2022 version 17.0 Unknown 17.0.0 < 17.0.21

Microsoft Visual Studio 2022 version 17.2 Unknown 17.2.0 < 17.2.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 13, 2023