Visual Studio
CVE-2020-16856
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (microsoft) · only source for this CVE.
CVSS VectorVendor: microsoft
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
AnalysisAI
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Technical ContextAI
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p> Affected products include: Microsoft Visual Studio, Microsoft Visual Studio 2017, Microsoft Visual Studio 2019.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Visual Studio
View allImproper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to eleva
Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulner
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerabil
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerabil
Share
External POC / Exploit Code
Leaving vuln.today