Skip to main content

Visual Studio CVE-2020-1133

MEDIUM
2020-09-11 secure@microsoft.com
5.5
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 11, 2020 - 17:15 cve.org
MEDIUM 5.5

DescriptionCVE.org

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>

AnalysisAI

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Technical ContextAI

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p> Affected products include: Microsoft Visual Studio, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019, Microsoft Windows 10, Microsoft Windows Server 2016.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-49739 HIGH
8.8 Jul 08

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to eleva

CVE-2022-35827 HIGH
8.8 Aug 09

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2022-35826 HIGH
8.8 Aug 09

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2022-35825 HIGH
8.8 Aug 09

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2022-35777 HIGH
8.8 Aug 09

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2014-3802 MEDIUM
6.8 May 20

msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not

CVE-2023-24897 HIGH
7.8 Jun 14

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulner

CVE-2021-28322 HIGH
7.8 Apr 13

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu

CVE-2021-28321 HIGH
7.8 Apr 13

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu

CVE-2021-28313 HIGH
7.8 Apr 13

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu

CVE-2021-1680 HIGH
7.8 Jan 12

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerabil

CVE-2021-1651 HIGH
7.8 Jan 12

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerabil

Share

CVE-2020-1133 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy