Visual Studio Code Remote Code Execution Vulnerability
CVE-2023-36742

7.8HIGH

Key Information:

Vendor

Microsoft
Status
Visual Studio Code
Vendor
CVE Published:
12 September 2023

What is CVE-2023-36742?

A remote code execution vulnerability has been identified in Visual Studio Code, exposing systems to potential exploitation. This flaw allows an attacker to execute arbitrary code on the target machine by leveraging specific inputs or scenarios. Users are urged to review the provided advisory and apply recommended patches to secure their development environments against potential threats.

Affected Version(s)

Visual Studio Code Unknown 1.0.0 < 1.82.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.