All the vulnerabilites related to microsoft - visual_studio
cve-2021-42277
Vulnerability from cvelistv5
Published
2021-11-10 00:47
Modified
2024-08-04 03:30
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277x_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-21-1306/x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Server 2019 Version: 10.0.0   < 10.0.17763.2300
    cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < 10.0.17763.2300
    cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < 10.0.18363.1916
    cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 21H1 Version: 10.0.0   < 10.0.19043.1348
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*
    cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*
Microsoft Windows Server 2022 Version: 10.0.0   < 10.0.20348.350
    cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*
Microsoft Windows 10 Version 20H2 Version: 10.0.0   < 10.0.19042.1348
    cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*
Microsoft Windows Server version 20H2 Version: 10.0.0   < 10.0.19041.1348
    cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*
Microsoft Windows 11 version 21H2 Version: 10.0.0   < 10.0.22000.318
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < 10.0.10240.19119
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < 10.0.14393.4770
    cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.41
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < 16.7.21
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.13
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.6
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 27550.00
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:37.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.2300:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.17763.2300",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:10.0.18363.1916:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.18363.1916:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.18363.1916",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:arm64:*",
            "cpe:2.3:o:microsoft:windows_10_21H1:10.0.19043.1348:*:*:*:*:*:x86:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems",
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 21H1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19043.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.350:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2022",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.20348.350",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:10.0.19041.1348:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1348:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:10.0.19042.1348:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19042.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:10.0.19041.1348:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.19041.1348",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.318:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 11 version 21H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.22000.318",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.19119:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19119",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.4770:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.4770",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.41",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.7.21",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.13",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.6",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "27550.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T14:47:57.294Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-42277",
    "datePublished": "2021-11-10T00:47:02",
    "dateReserved": "2021-10-12T00:00:00",
    "dateUpdated": "2024-08-04T03:30:37.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-1043
Vulnerability from cvelistv5
Published
2006-03-07 11:00
Modified
2024-08-07 16:56
Severity ?
Summary
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).
References
http://securitytracker.com/id?1015721vdb-entry, x_refsource_SECTRACK
http://www.osvdb.org/23711vdb-entry, x_refsource_OSVDB
http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.phpx_refsource_MISC
http://secunia.com/advisories/19081third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/0825vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/16953vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/426767/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/426830/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/25148vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:56:15.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1015721",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015721"
          },
          {
            "name": "23711",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/23711"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php"
          },
          {
            "name": "19081",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19081"
          },
          {
            "name": "ADV-2006-0825",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/0825"
          },
          {
            "name": "16953",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16953"
          },
          {
            "name": "20060304 Visual Studio 6.0 Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/426767/100/0/threaded"
          },
          {
            "name": "20060305 Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/426830/100/0/threaded"
          },
          {
            "name": "visualstudio-dataproject-bo(25148)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25148"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-03-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1015721",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015721"
        },
        {
          "name": "23711",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/23711"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php"
        },
        {
          "name": "19081",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19081"
        },
        {
          "name": "ADV-2006-0825",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/0825"
        },
        {
          "name": "16953",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16953"
        },
        {
          "name": "20060304 Visual Studio 6.0 Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/426767/100/0/threaded"
        },
        {
          "name": "20060305 Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/426830/100/0/threaded"
        },
        {
          "name": "visualstudio-dataproject-bo(25148)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25148"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-1043",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1015721",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015721"
            },
            {
              "name": "23711",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/23711"
            },
            {
              "name": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php",
              "refsource": "MISC",
              "url": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php"
            },
            {
              "name": "19081",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19081"
            },
            {
              "name": "ADV-2006-0825",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/0825"
            },
            {
              "name": "16953",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16953"
            },
            {
              "name": "20060304 Visual Studio 6.0 Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/426767/100/0/threaded"
            },
            {
              "name": "20060305 Microsoft Visual Studio 6.0 Sp6 Malformed .dbp File BoF Exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/426830/100/0/threaded"
            },
            {
              "name": "visualstudio-dataproject-bo(25148)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25148"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-1043",
    "datePublished": "2006-03-07T11:00:00",
    "dateReserved": "2006-03-07T00:00:00",
    "dateUpdated": "2024-08-07T16:56:15.420Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-24897
Vulnerability from cvelistv5
Published
2023-06-14 14:52
Modified
2025-01-01 01:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.16
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.27
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.22
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.8
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40700.0
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27555.0
Microsoft .NET 7.0 Version: 7.0.0   < 7.0.7
Microsoft .NET 6.0 Version: 6.0.0   < 6.0.18
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.3
Microsoft PowerShell 7.2 Version: 7.2.0   < 7.2.12
Microsoft Microsoft .NET Framework 3.5 AND 4.8 Version: 4.8.0   < 4.8.4644.0
Microsoft Microsoft .NET Framework 4.8 Version: 4.8.0   < 4.8.4644.0
Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Version: 4.7.0   < 4.7.4050.0
Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Version: 3.0.0.0   < 10.0.14393.5989
Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Version: 4.7.0   < 4.7.04043.0
Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Version: 4.8.1   < 4.8.9166.0
Microsoft Microsoft .NET Framework 4.6.2 Version: 4.7.0   < 4.7.04043.0
Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Version: 4.7.0   < 10.0.10240.19983
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:11:43.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24897",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T19:43:18.398305Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T19:43:32.943Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.55",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.16",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.27",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.22",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.8",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40700.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27555.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 7.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.0.7",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.18",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.3",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.12",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows 10 Version 1809 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4644.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2012",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.4644.0",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1809 for ARM64-based Systems",
            "Windows Server 2019",
            "Windows Server 2019 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.4050.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2016",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016 (Server Core installation)",
            "Windows 10 Version 1607 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.14393.5989",
              "status": "affected",
              "version": "3.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04043.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.9166.0",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04043.0",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 for 32-bit Systems",
            "Windows 10 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 and 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.19983",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.55",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.16",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.27",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.22",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.8",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40700.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27555.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.7",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.18",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.3",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.2.12",
                  "versionStartIncluding": "7.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4644.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.4644.0",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.4050.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.14393.5989",
                  "versionStartIncluding": "3.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04043.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.9166.0",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04043.0",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.10240.19983",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:43:32.304Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-24897",
    "datePublished": "2023-06-14T14:52:10.089Z",
    "dateReserved": "2023-01-31T20:32:35.472Z",
    "dateUpdated": "2025-01-01T01:43:32.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4891
Vulnerability from cvelistv5
Published
2007-09-14 01:00
Modified
2024-08-07 15:08
Severity ?
Summary
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/36572vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/4393exploit, x_refsource_EXPLOIT-DB
http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.htmlx_refsource_MISC
http://osvdb.org/37106vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/26779third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25638vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:33.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "visualstudio-pdwizard-code-execution(36572)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"
          },
          {
            "name": "4393",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4393"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"
          },
          {
            "name": "37106",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/37106"
          },
          {
            "name": "26779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26779"
          },
          {
            "name": "25638",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25638"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "visualstudio-pdwizard-code-execution(36572)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"
        },
        {
          "name": "4393",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4393"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"
        },
        {
          "name": "37106",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/37106"
        },
        {
          "name": "26779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26779"
        },
        {
          "name": "25638",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25638"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4891",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "visualstudio-pdwizard-code-execution(36572)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"
            },
            {
              "name": "4393",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4393"
            },
            {
              "name": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html",
              "refsource": "MISC",
              "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"
            },
            {
              "name": "37106",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/37106"
            },
            {
              "name": "26779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26779"
            },
            {
              "name": "25638",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25638"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4891",
    "datePublished": "2007-09-14T01:00:00",
    "dateReserved": "2007-09-13T00:00:00",
    "dateUpdated": "2024-08-07T15:08:33.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0842
Vulnerability from cvelistv5
Published
2007-02-13 11:00
Modified
2024-08-07 12:34
Severity ?
Summary
The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions. However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/32454vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/459847/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/2237third-party-advisory, x_refsource_SREASON
http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspxx_refsource_MISC
http://osvdb.org/33626vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:34:21.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "visualstudio-time-dos(32454)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32454"
          },
          {
            "name": "20070212 SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459847/100/0/threaded"
          },
          {
            "name": "2237",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2237"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspx"
          },
          {
            "name": "33626",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33626"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions.  However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "visualstudio-time-dos(32454)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32454"
        },
        {
          "name": "20070212 SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459847/100/0/threaded"
        },
        {
          "name": "2237",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2237"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://msdn2.microsoft.com/en-us/library/a442x3ye%28VS.80%29.aspx"
        },
        {
          "name": "33626",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33626"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0842",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The 64-bit versions of Microsoft Visual C++ 8.0 standard library (MSVCR80.DLL) time functions, including (1) localtime, (2) localtime_s, (3) gmtime, (4) gmtime_s, (5) ctime, (6) ctime_s, (7) wctime, (8) wctime_s, and (9) fstat, trigger an assertion error instead of a NULL pointer or EINVAL when processing a time argument later than Jan 1, 3000, which might allow context-dependent attackers to cause a denial of service (application exit) via large time values. NOTE: it could be argued that this is a design limitation of the functions, and the vulnerability lies with any application that does not validate arguments to these functions.  However, this behavior is inconsistent with documentation, which does not list assertions as a possible result of an error condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "visualstudio-time-dos(32454)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32454"
            },
            {
              "name": "20070212 SecurityVulns.com: Microsoft Visual C++ 8.0 standard library time functions invalid assertion DoS (Problem 3000).",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/459847/100/0/threaded"
            },
            {
              "name": "2237",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2237"
            },
            {
              "name": "http://msdn2.microsoft.com/en-us/library/a442x3ye(VS.80).aspx",
              "refsource": "MISC",
              "url": "http://msdn2.microsoft.com/en-us/library/a442x3ye(VS.80).aspx"
            },
            {
              "name": "33626",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33626"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0842",
    "datePublished": "2007-02-13T11:00:00",
    "dateReserved": "2007-02-07T00:00:00",
    "dateUpdated": "2024-08-07T12:34:21.084Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1232
Vulnerability from cvelistv5
Published
2019-09-11 21:24
Modified
2024-08-04 18:13
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Version: 10 for 32-bit Systems
Version: 10 for x64-based Systems
Version: 10 Version 1607 for 32-bit Systems
Version: 10 Version 1607 for x64-based Systems
Version: 10 Version 1703 for 32-bit Systems
Version: 10 Version 1703 for x64-based Systems
Version: 10 Version 1709 for 32-bit Systems
Version: 10 Version 1709 for x64-based Systems
Version: 10 Version 1803 for 32-bit Systems
Version: 10 Version 1803 for x64-based Systems
Version: 10 Version 1803 for ARM64-based Systems
Version: 10 Version 1809 for 32-bit Systems
Version: 10 Version 1809 for x64-based Systems
Version: 10 Version 1809 for ARM64-based Systems
Version: 10 Version 1709 for ARM64-based Systems
Microsoft Windows Server Version: 2016
Version: 2016 (Core installation)
Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Microsoft Microsoft Visual Studio 2017 Version: version 15.9
Version: 15.0
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Version: 16.2
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:13:29.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            },
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 15.9"
            },
            {
              "status": "affected",
              "version": "15.0"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            },
            {
              "status": "affected",
              "version": "16.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-11T21:24:58",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1232",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          },
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 15.9"
                          },
                          {
                            "version_value": "15.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          },
                          {
                            "version_value": "16.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1232",
    "datePublished": "2019-09-11T21:24:58",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:13:29.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4494
Vulnerability from cvelistv5
Published
2006-08-31 22:00
Modified
2024-08-07 19:14
Severity ?
Summary
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
References
http://www.securityfocus.com/archive/1/443499/100/100/threadedmailing-list, x_refsource_BUGTRAQ
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15x_refsource_MISC
http://www.securityfocus.com/bid/19572vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/1473third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.446Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15"
          },
          {
            "name": "19572",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19572"
          },
          {
            "name": "1473",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1473"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15"
        },
        {
          "name": "19572",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19572"
        },
        {
          "name": "1473",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1473"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4494",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060817 [XSec-06-07]: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
            },
            {
              "name": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15",
              "refsource": "MISC",
              "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15"
            },
            {
              "name": "19572",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19572"
            },
            {
              "name": "1473",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1473"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4494",
    "datePublished": "2006-08-31T22:00:00",
    "dateReserved": "2006-08-31T00:00:00",
    "dateUpdated": "2024-08-07T19:14:47.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1280
Vulnerability from cvelistv5
Published
2011-06-16 20:21
Modified
2024-08-06 22:21
Severity ?
Summary
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
References
http://www.securityfocus.com/bid/48196vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1025647vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id?1025648vdb-entry, x_refsource_SECTRACK
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049vendor-advisory, x_refsource_MS
http://www.securitytracker.com/id?1025646vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/44912third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:21:34.188Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48196",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/48196"
          },
          {
            "name": "1025647",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025647"
          },
          {
            "name": "1025648",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025648"
          },
          {
            "name": "MS11-049",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
          },
          {
            "name": "1025646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1025646"
          },
          {
            "name": "oval:org.mitre.oval:def:12664",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
          },
          {
            "name": "44912",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "48196",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/48196"
        },
        {
          "name": "1025647",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025647"
        },
        {
          "name": "1025648",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025648"
        },
        {
          "name": "MS11-049",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
        },
        {
          "name": "1025646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1025646"
        },
        {
          "name": "oval:org.mitre.oval:def:12664",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
        },
        {
          "name": "44912",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44912"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1280",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48196",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/48196"
            },
            {
              "name": "1025647",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025647"
            },
            {
              "name": "1025648",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025648"
            },
            {
              "name": "MS11-049",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
            },
            {
              "name": "1025646",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1025646"
            },
            {
              "name": "oval:org.mitre.oval:def:12664",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
            },
            {
              "name": "44912",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44912"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1280",
    "datePublished": "2011-06-16T20:21:00",
    "dateReserved": "2011-03-04T00:00:00",
    "dateUpdated": "2024-08-06T22:21:34.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1203
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Server Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 2004 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:01.405Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1202."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T19:43:22",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1203",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1202."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1203",
    "datePublished": "2020-06-09T19:43:23",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:01.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2528
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6426",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6426",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2528",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6426",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2528",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:15.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2001-0153
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
Summary
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018vendor-advisory, x_refsource_MS
http://razor.bindview.com/publish/advisories/adv_vbtsql.htmlvendor-advisory, x_refsource_BINDVIEW
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T04:06:55.447Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS01-018",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018"
          },
          {
            "name": "20010327 Remote buffer overflow in DCOM VB T-SQL debugger",
            "tags": [
              "vendor-advisory",
              "x_refsource_BINDVIEW",
              "x_transferred"
            ],
            "url": "http://razor.bindview.com/publish/advisories/adv_vbtsql.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2001-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MS01-018",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018"
        },
        {
          "name": "20010327 Remote buffer overflow in DCOM VB T-SQL debugger",
          "tags": [
            "vendor-advisory",
            "x_refsource_BINDVIEW"
          ],
          "url": "http://razor.bindview.com/publish/advisories/adv_vbtsql.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2001-0153",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS01-018",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018"
            },
            {
              "name": "20010327 Remote buffer overflow in DCOM VB T-SQL debugger",
              "refsource": "BINDVIEW",
              "url": "http://razor.bindview.com/publish/advisories/adv_vbtsql.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2001-0153",
    "datePublished": "2001-05-07T04:00:00",
    "dateReserved": "2001-02-10T00:00:00",
    "dateUpdated": "2024-08-08T04:06:55.447Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3126
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 06:14
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:14:56.471Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6134",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6134",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-3126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6134",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-3126",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-09-10T00:00:00",
    "dateUpdated": "2024-08-07T06:14:56.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35777
Vulnerability from cvelistv5
Published
2022-08-09 19:59
Modified
2025-01-02 19:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:21.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.50",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.9.24",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.18",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.13",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "11.0.61252.0",
                  "versionStartIncluding": "11.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40699.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27552.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.7",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T19:34:57.963Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35777",
    "datePublished": "2022-08-09T19:59:23",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2025-01-02T19:34:57.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-33139
Vulnerability from cvelistv5
Published
2023-06-13 23:25
Modified
2025-01-01 01:43
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.16
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.27
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.22
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.8
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40702.0
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27554.0
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33139",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T16:39:22.157046Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T16:39:30.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.55",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.16",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.27",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.22",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.8",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40702.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27554.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.3",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.55",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.16",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.27",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.22",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.8",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40702.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27554.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.3",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Information Disclosure Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-01T01:43:39.771Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
        }
      ],
      "title": "Visual Studio Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-33139",
    "datePublished": "2023-06-13T23:25:55.404Z",
    "dateReserved": "2023-05-17T21:16:44.896Z",
    "dateUpdated": "2025-01-01T01:43:39.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2503
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          },
          {
            "name": "oval:org.mitre.oval:def:6491",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        },
        {
          "name": "oval:org.mitre.oval:def:6491",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2503",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            },
            {
              "name": "oval:org.mitre.oval:def:6491",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2503",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-16856
Vulnerability from cvelistv5
Published
2020-09-11 17:08
Modified
2024-08-04 13:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:45:34.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-09-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how Visual Studio handles objects in memory.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T21:34:01.879Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-16856",
    "datePublished": "2020-09-11T17:08:40",
    "dateReserved": "2020-08-04T00:00:00",
    "dateUpdated": "2024-08-04T13:45:34.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-28321
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Apr/40mailing-list, x_refsource_FULLDISC
http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*
Microsoft Windows Server version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:40:14.051Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321"
          },
          {
            "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T19:21:13.552Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321"
        },
        {
          "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-28321",
    "datePublished": "2021-04-13T19:32:55",
    "dateReserved": "2021-03-12T00:00:00",
    "dateUpdated": "2024-08-03T21:40:14.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0537
Vulnerability from cvelistv5
Published
2019-01-08 21:00
Modified
2024-08-04 17:51
Severity ?
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537x_refsource_CONFIRM
http://www.securityfocus.com/bid/106390vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:26.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537"
          },
          {
            "name": "106390",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106390"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2012 Update 5"
            }
          ]
        }
      ],
      "datePublic": "2019-01-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-09T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537"
        },
        {
          "name": "106390",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106390"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0537",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 1"
                          },
                          {
                            "version_value": "2012 Update 5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537"
            },
            {
              "name": "106390",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106390"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0537",
    "datePublished": "2019-01-08T21:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:26.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1037
Vulnerability from cvelistv5
Published
2018-04-12 01:00
Modified
2024-08-05 03:44
Severity ?
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
http://www.securitytracker.com/id/1040664vdb-entry, x_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037x_refsource_CONFIRM
http://www.securityfocus.com/bid/103715vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:44:11.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1040664",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040664"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037"
          },
          {
            "name": "103715",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2012 Update 5"
            },
            {
              "status": "affected",
              "version": "2013 Update 5"
            },
            {
              "status": "affected",
              "version": "2015 Update 3"
            },
            {
              "status": "affected",
              "version": "2017"
            },
            {
              "status": "affected",
              "version": "2017 Version 15.6.6"
            },
            {
              "status": "affected",
              "version": "2017 Version 15.7 Preview"
            }
          ]
        }
      ],
      "datePublic": "2018-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-12T09:57:02",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1040664",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040664"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037"
        },
        {
          "name": "103715",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-1037",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 1"
                          },
                          {
                            "version_value": "2012 Update 5"
                          },
                          {
                            "version_value": "2013 Update 5"
                          },
                          {
                            "version_value": "2015 Update 3"
                          },
                          {
                            "version_value": "2017"
                          },
                          {
                            "version_value": "2017 Version 15.6.6"
                          },
                          {
                            "version_value": "2017 Version 15.7 Preview"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1040664",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040664"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037"
            },
            {
              "name": "103715",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-1037",
    "datePublished": "2018-04-12T01:00:00",
    "dateReserved": "2017-12-01T00:00:00",
    "dateUpdated": "2024-08-05T03:44:11.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1079
Vulnerability from cvelistv5
Published
2019-07-15 18:56
Modified
2024-08-04 18:06
Severity ?
Summary
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:06:31.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2012 Update 5"
            },
            {
              "status": "affected",
              "version": "2013 Update 5"
            },
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka \u0027Visual Studio Information Disclosure Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-15T18:56:20",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-1079",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 1"
                          },
                          {
                            "version_value": "2012 Update 5"
                          },
                          {
                            "version_value": "2013 Update 5"
                          },
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka \u0027Visual Studio Information Disclosure Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-1079",
    "datePublished": "2019-07-15T18:56:20",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T18:06:31.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2502
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-10-21 16:34
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          },
          {
            "name": "oval:org.mitre.oval:def:5898",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2009-2502",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-11T16:41:52.863250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:34:33.080Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        },
        {
          "name": "oval:org.mitre.oval:def:5898",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            },
            {
              "name": "oval:org.mitre.oval:def:5898",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2502",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-10-21T16:34:33.080Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1278
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Microsoft Windows Version: 10 Version 1803 for 32-bit Systems
Version: 10 Version 1803 for x64-based Systems
Version: 10 Version 1803 for ARM64-based Systems
Version: 10 Version 1809 for 32-bit Systems
Version: 10 Version 1809 for x64-based Systems
Version: 10 Version 1809 for ARM64-based Systems
Version: 10 Version 1709 for x64-based Systems
Version: 10 Version 1709 for ARM64-based Systems
Version: 10 for 32-bit Systems
Version: 10 for x64-based Systems
Version: 10 Version 1607 for 32-bit Systems
Version: 10 Version 1607 for x64-based Systems
Microsoft Windows Server Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:31:59.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T19:43:50",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1278",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1278",
    "datePublished": "2020-06-09T19:43:50",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:31:59.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1651
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651vendor-advisory
Impacted products
Vendor Product Version
Microsoft Windows Server version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1803 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Microsoft Visual Studio 2019 version 16.8 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2016 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:11.009Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-01-12T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T16:17:03.178Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-1651",
    "datePublished": "2021-01-12T19:42:03",
    "dateReserved": "2020-12-02T00:00:00",
    "dateUpdated": "2024-10-08T16:17:03.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-28322
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Apr/40mailing-list, x_refsource_FULLDISC
http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*
Microsoft Windows Server version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:40:14.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322"
          },
          {
            "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T19:21:14.048Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322"
        },
        {
          "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-28322",
    "datePublished": "2021-04-13T19:32:56",
    "dateReserved": "2021-03-12T00:00:00",
    "dateUpdated": "2024-08-03T21:40:14.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8599
Vulnerability from cvelistv5
Published
2018-12-12 00:00
Modified
2024-08-05 07:02
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599x_refsource_CONFIRM
http://www.securityfocus.com/bid/106094vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Microsoft Windows Server 2019 Version: (Server Core installation)
Microsoft Windows Server 2016 Version: (Server Core installation)
Microsoft Windows 10 Version: 32-bit Systems
Version: Version 1607 for 32-bit Systems
Version: Version 1607 for x64-based Systems
Version: Version 1703 for 32-bit Systems
Version: Version 1703 for x64-based Systems
Version: Version 1709 for 32-bit Systems
Version: Version 1709 for ARM64-based Systems
Version: Version 1709 for x64-based Systems
Version: Version 1803 for 32-bit Systems
Version: Version 1803 for ARM64-based Systems
Version: Version 1803 for x64-based Systems
Version: Version 1809 for 32-bit Systems
Version: Version 1809 for ARM64-based Systems
Version: Version 1809 for x64-based Systems
Version: x64-based Systems
Microsoft Windows 10 Servers Version: version 1709 (Server Core Installation)
Version: version 1803 (Server Core Installation)
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:02:25.956Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599"
          },
          {
            "name": "106094",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106094"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            },
            {
              "status": "affected",
              "version": "2017"
            },
            {
              "status": "affected",
              "version": "2017 version 15.9"
            }
          ]
        },
        {
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "(Server Core installation)"
            }
          ]
        },
        {
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "(Server Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows 10 Servers",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1709  (Server Core Installation)"
            },
            {
              "status": "affected",
              "version": "version 1803  (Server Core Installation)"
            }
          ]
        }
      ],
      "datePublic": "2018-12-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-12-12T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599"
        },
        {
          "name": "106094",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106094"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8599",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          },
                          {
                            "version_value": "2017"
                          },
                          {
                            "version_value": "2017 version 15.9"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server 2016",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "(Server Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "32-bit Systems"
                          },
                          {
                            "version_value": "Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Servers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1709  (Server Core Installation)"
                          },
                          {
                            "version_value": "version 1803  (Server Core Installation)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599"
            },
            {
              "name": "106094",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106094"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8599",
    "datePublished": "2018-12-12T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T07:02:25.956Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2493
Vulnerability from cvelistv5
Published
2009-07-29 17:00
Modified
2024-08-07 05:52
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
References
http://www.adobe.com/support/security/bulletins/apsb09-11.htmlx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/2034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621vdb-entry, signature, x_refsource_OVAL
http://www.openoffice.org/security/cves/CVE-2009-2493.htmlx_refsource_CONFIRM
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlx_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035vendor-advisory, x_refsource_MS
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxx_refsource_MISC
http://www.vupen.com/english/advisories/2010/0366vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072vendor-advisory, x_refsource_MS
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/36187third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlthird-party-advisory, x_refsource_CERT
http://www.vupen.com/english/advisories/2009/2232vdb-entry, x_refsource_VUPEN
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlx_refsource_CONFIRM
http://secunia.com/advisories/36374third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/38568third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037vendor-advisory, x_refsource_MS
http://www.adobe.com/support/security/advisories/apsa09-04.htmlx_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/36746third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/41818third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35967third-party-advisory, x_refsource_SECUNIA
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlvendor-advisory, x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1vendor-advisory, x_refsource_SUNALERT
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060vendor-advisory, x_refsource_MS
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055vendor-advisory, x_refsource_MS
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1vendor-advisory, x_refsource_SUNALERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473vdb-entry, signature, x_refsource_OVAL
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:15.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6304",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
          },
          {
            "name": "ADV-2009-2034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6621",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "ADV-2010-0366",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0366"
          },
          {
            "name": "SSRT100013",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "MS09-072",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
          },
          {
            "name": "HPSBMA02488",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "TA09-342A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
          },
          {
            "name": "ADV-2009-2232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "38568",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38568"
          },
          {
            "name": "MS09-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "oval:org.mitre.oval:def:6245",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
          },
          {
            "name": "oval:org.mitre.oval:def:6716",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
          },
          {
            "name": "36746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6421",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
          },
          {
            "name": "41818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41818"
          },
          {
            "name": "35967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "SUSE-SA:2009:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
          },
          {
            "name": "1020775",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          },
          {
            "name": "MS09-055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
          },
          {
            "name": "264648",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
          },
          {
            "name": "oval:org.mitre.oval:def:6473",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
        },
        {
          "name": "266108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
        },
        {
          "name": "oval:org.mitre.oval:def:6304",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
        },
        {
          "name": "ADV-2009-2034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2034"
        },
        {
          "name": "TA09-223A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6621",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
        },
        {
          "name": "ADV-2010-0366",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0366"
        },
        {
          "name": "SSRT100013",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "MS09-072",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
        },
        {
          "name": "HPSBMA02488",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "36187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36187"
        },
        {
          "name": "TA09-342A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
        },
        {
          "name": "ADV-2009-2232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
        },
        {
          "name": "36374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36374"
        },
        {
          "name": "38568",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38568"
        },
        {
          "name": "MS09-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
        },
        {
          "name": "oval:org.mitre.oval:def:6245",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
        },
        {
          "name": "oval:org.mitre.oval:def:6716",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
        },
        {
          "name": "36746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36746"
        },
        {
          "name": "oval:org.mitre.oval:def:6421",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
        },
        {
          "name": "41818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41818"
        },
        {
          "name": "35967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35967"
        },
        {
          "name": "SUSE-SA:2009:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
        },
        {
          "name": "1020775",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "MS09-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
        },
        {
          "name": "MS09-055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
        },
        {
          "name": "264648",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
        },
        {
          "name": "oval:org.mitre.oval:def:6473",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "oval:org.mitre.oval:def:6304",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6621",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
            },
            {
              "name": "http://www.openoffice.org/security/cves/CVE-2009-2493.html",
              "refsource": "CONFIRM",
              "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "ADV-2010-0366",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0366"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "MS09-072",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
            },
            {
              "name": "HPSBMA02488",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "TA09-342A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "38568",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38568"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "oval:org.mitre.oval:def:6245",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
            },
            {
              "name": "oval:org.mitre.oval:def:6716",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "oval:org.mitre.oval:def:6421",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
            },
            {
              "name": "41818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41818"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "SUSE-SA:2009:053",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
            },
            {
              "name": "1020775",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            },
            {
              "name": "MS09-055",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
            },
            {
              "name": "264648",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
            },
            {
              "name": "oval:org.mitre.oval:def:6473",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2493",
    "datePublished": "2009-07-29T17:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:15.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-43603
Vulnerability from cvelistv5
Published
2024-10-08 17:36
Modified
2024-12-31 23:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.67
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.41
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.20
Microsoft Microsoft Visual Studio 2022 version 17.8 Version: 17.8.0   < 17.8.15
Microsoft Microsoft Visual Studio 2022 version 17.10 Version: 17.10   < 17.10.8
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27561.00
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43603",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:35:39.922024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-08T19:27:12.025Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.11.5",
              "status": "affected",
              "version": "17.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.67",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.41",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.20",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.15",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.8",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27561.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.11.5",
                  "versionStartIncluding": "17.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.67",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.41",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.20",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.15",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.8",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27561.00",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Collector Service Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T23:09:45.944Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Collector Service Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603"
        }
      ],
      "title": "Visual Studio Collector Service Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43603",
    "datePublished": "2024-10-08T17:36:17.098Z",
    "dateReserved": "2024-08-14T01:08:33.551Z",
    "dateUpdated": "2024-12-31T23:09:45.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-0008
Vulnerability from cvelistv5
Published
2012-03-13 21:00
Modified
2024-08-06 18:09
Severity ?
Summary
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
References
http://secunia.com/advisories/48396third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021vendor-advisory, x_refsource_MS
https://exchange.xforce.ibmcloud.com/vulnerabilities/73537vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/52329vdb-entry, x_refsource_BID
http://www.us-cert.gov/cas/techalerts/TA12-073A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081vdb-entry, signature, x_refsource_OVAL
http://www.securitytracker.com/id?1026792vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48396",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48396"
          },
          {
            "name": "MS12-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
          },
          {
            "name": "ms-visual-studio-priv-esc(73537)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
          },
          {
            "name": "52329",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52329"
          },
          {
            "name": "TA12-073A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:15081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
          },
          {
            "name": "1026792",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "48396",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48396"
        },
        {
          "name": "MS12-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
        },
        {
          "name": "ms-visual-studio-priv-esc(73537)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
        },
        {
          "name": "52329",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52329"
        },
        {
          "name": "TA12-073A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:15081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
        },
        {
          "name": "1026792",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026792"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48396",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48396"
            },
            {
              "name": "MS12-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
            },
            {
              "name": "ms-visual-studio-priv-esc(73537)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
            },
            {
              "name": "52329",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52329"
            },
            {
              "name": "TA12-073A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:15081",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
            },
            {
              "name": "1026792",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026792"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-0008",
    "datePublished": "2012-03-13T21:00:00",
    "dateReserved": "2011-11-09T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4254
Vulnerability from cvelistv5
Published
2007-08-08 23:00
Modified
2024-08-07 14:46
Severity ?
Summary
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
References
http://osvdb.org/41080vdb-entry, x_refsource_OSVDB
https://www.exploit-db.com/exploits/4259exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:46:39.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "41080",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41080"
          },
          {
            "name": "4259",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4259"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method.  NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "41080",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41080"
        },
        {
          "name": "4259",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4259"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4254",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method.  NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "41080",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41080"
            },
            {
              "name": "4259",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4259"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4254",
    "datePublished": "2007-08-08T23:00:00",
    "dateReserved": "2007-08-08T00:00:00",
    "dateUpdated": "2024-08-07T14:46:39.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35825
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35825",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:55:18.625937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:55:28.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.50",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.9.24",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.18",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.13",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "11.0.61252.0",
                  "versionStartIncluding": "11.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40699.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27552.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.7",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T19:34:56.178Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35825",
    "datePublished": "2022-08-09T20:12:22",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2025-01-02T19:34:56.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0727
Vulnerability from cvelistv5
Published
2019-05-16 18:17
Modified
2024-08-04 17:58
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Version: 10 for 32-bit Systems
Version: 10 for x64-based Systems
Version: 10 Version 1607 for 32-bit Systems
Version: 10 Version 1607 for x64-based Systems
Version: 10 Version 1703 for 32-bit Systems
Version: 10 Version 1703 for x64-based Systems
Version: 10 Version 1709 for 32-bit Systems
Version: 10 Version 1709 for x64-based Systems
Version: 10 Version 1803 for 32-bit Systems
Version: 10 Version 1803 for x64-based Systems
Version: 10 Version 1803 for ARM64-based Systems
Version: 10 Version 1809 for 32-bit Systems
Version: 10 Version 1809 for x64-based Systems
Version: 10 Version 1809 for ARM64-based Systems
Version: 10 Version 1709 for ARM64-based Systems
Microsoft Windows Server Version: 2016
Version: 2016 (Core installation)
Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Microsoft Microsoft Visual Studio 2017 Version: version 15.9
Version: 15.0
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:58:57.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            },
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 15.9"
            },
            {
              "status": "affected",
              "version": "15.0"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability\u0027."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-16T18:17:00",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          },
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 15.9"
                          },
                          {
                            "version_value": "15.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability\u0027."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0727",
    "datePublished": "2019-05-16T18:17:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:58:57.966Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2504
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6282",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6282",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2504",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6282",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2504",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8172
Vulnerability from cvelistv5
Published
2018-07-11 00:00
Modified
2024-08-05 06:46
Severity ?
Summary
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
References
http://www.securitytracker.com/id/1041253vdb-entry, x_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172x_refsource_CONFIRM
http://www.securityfocus.com/bid/104616vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Microsoft Expression Blend 4 Version: Service Pack 3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:13.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041253",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041253"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172"
          },
          {
            "name": "104616",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104616"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2010 Service Pack 1"
            },
            {
              "status": "affected",
              "version": "2012 Update 5"
            },
            {
              "status": "affected",
              "version": "2013 Update 5"
            },
            {
              "status": "affected",
              "version": "2015 Update 3"
            },
            {
              "status": "affected",
              "version": "2017"
            },
            {
              "status": "affected",
              "version": "2017 Version 15.7.5"
            },
            {
              "status": "affected",
              "version": "2017 Version 15.8 Preview"
            }
          ]
        },
        {
          "product": "Expression Blend 4",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Service Pack 3"
            }
          ]
        }
      ],
      "datePublic": "2018-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-07-11T09:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1041253",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041253"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172"
        },
        {
          "name": "104616",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104616"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2018-8172",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2010 Service Pack 1"
                          },
                          {
                            "version_value": "2012 Update 5"
                          },
                          {
                            "version_value": "2013 Update 5"
                          },
                          {
                            "version_value": "2015 Update 3"
                          },
                          {
                            "version_value": "2017"
                          },
                          {
                            "version_value": "2017 Version 15.7.5"
                          },
                          {
                            "version_value": "2017 Version 15.8 Preview"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Expression Blend 4",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Service Pack 3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041253",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041253"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172"
            },
            {
              "name": "104616",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104616"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2018-8172",
    "datePublished": "2018-07-11T00:00:00",
    "dateReserved": "2018-03-14T00:00:00",
    "dateUpdated": "2024-08-05T06:46:13.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-28313
Vulnerability from cvelistv5
Published
2021-04-13 19:32
Modified
2024-08-03 21:40
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Apr/40mailing-list, x_refsource_FULLDISC
http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*
Microsoft Windows Server version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:40:13.305Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313"
          },
          {
            "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-04-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T19:21:09.441Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313"
        },
        {
          "name": "20210419 CVE-2021-28321-CVE-2021-28323: elevation of privileges in Microsoft Diaghub",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-28313",
    "datePublished": "2021-04-13T19:32:49",
    "dateReserved": "2021-03-12T00:00:00",
    "dateUpdated": "2024-08-03T21:40:13.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1133
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:25
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Microsoft Windows 10 Version 1803 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1709 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1709 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for x64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows Server, version 1903 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:01.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 1709 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1709",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-09-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\u003c/p\u003e\n\u003cp\u003eAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T21:34:44.638Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1133",
    "datePublished": "2020-09-11T17:09:01",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:01.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-20656
Vulnerability from cvelistv5
Published
2024-01-09 17:57
Modified
2024-12-31 18:39
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.23
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.33
Microsoft Microsoft Visual Studio 2022 version 17.4 Version: 17.4.0   < 17.4.15
Microsoft Microsoft Visual Studio 2022 version 17.6 Version: 17.6.0   < 17.6.11
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27560.00
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20656",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-30T18:27:10.585358Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T20:58:39.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.344Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Elevation of Privilege Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.59",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.23",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.33",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.15",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.11",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27560.00",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.59",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.23",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.33",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.4.15",
                  "versionStartIncluding": "17.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.11",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27560.00",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-01-09T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-31T18:39:40.313Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
        }
      ],
      "title": "Visual Studio Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-20656",
    "datePublished": "2024-01-09T17:57:01.850Z",
    "dateReserved": "2023-11-28T22:58:12.114Z",
    "dateUpdated": "2024-12-31T18:39:40.313Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-16874
Vulnerability from cvelistv5
Published
2020-09-11 17:08
Modified
2024-08-04 13:45
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:45:34.227Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-09-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how Visual Studio handles objects in memory.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T21:35:05.625Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-16874",
    "datePublished": "2020-09-11T17:08:47",
    "dateReserved": "2020-08-04T00:00:00",
    "dateUpdated": "2024-08-04T13:45:34.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-3190
Vulnerability from cvelistv5
Published
2010-08-31 19:25
Modified
2024-08-07 03:03
Severity ?
Summary
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
References
https://support.apple.com/HT205221x_refsource_CONFIRM
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190x_refsource_CONFIRM
http://secunia.com/advisories/41212third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA11-102A.htmlthird-party-advisory, x_refsource_CERT
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/x_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025vendor-advisory, x_refsource_MS
http://www.securityfocus.com/bid/42811vdb-entry, x_refsource_BID
http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlvendor-advisory, x_refsource_APPLE
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:03:18.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT205221"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
          },
          {
            "name": "41212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41212"
          },
          {
            "name": "TA11-102A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
          },
          {
            "name": "oval:org.mitre.oval:def:12457",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
          },
          {
            "name": "MS11-025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
          },
          {
            "name": "42811",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/42811"
          },
          {
            "name": "APPLE-SA-2015-09-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-08-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/HT205221"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
        },
        {
          "name": "41212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41212"
        },
        {
          "name": "TA11-102A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
        },
        {
          "name": "oval:org.mitre.oval:def:12457",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
        },
        {
          "name": "MS11-025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
        },
        {
          "name": "42811",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/42811"
        },
        {
          "name": "APPLE-SA-2015-09-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3190",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205221",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/HT205221"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
            },
            {
              "name": "41212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41212"
            },
            {
              "name": "TA11-102A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
            },
            {
              "name": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/",
              "refsource": "MISC",
              "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
            },
            {
              "name": "oval:org.mitre.oval:def:12457",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
            },
            {
              "name": "MS11-025",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
            },
            {
              "name": "42811",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/42811"
            },
            {
              "name": "APPLE-SA-2015-09-16-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3190",
    "datePublished": "2010-08-31T19:25:00",
    "dateReserved": "2010-08-31T00:00:00",
    "dateUpdated": "2024-08-07T03:03:18.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1130
Vulnerability from cvelistv5
Published
2020-09-11 17:09
Modified
2024-08-04 06:25
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1709 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1709 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for x64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*
Microsoft Windows Server, version 1903 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:01.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "32-bit Systems"
          ],
          "product": "Windows 10 Version 1709 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1709",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1903:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-09-08T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\u003c/p\u003e\n\u003cp\u003eAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.\u003c/p\u003e\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-31T21:34:44.115Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1130",
    "datePublished": "2020-09-11T17:09:01",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:01.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-3704
Vulnerability from cvelistv5
Published
2008-08-18 19:00
Modified
2024-08-07 09:45
Severity ?
Summary
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
References
http://www.securitytracker.com/id?1020710vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/2380vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/3382vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/31498third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/30674vdb-entry, x_refsource_BID
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070vendor-advisory, x_refsource_MS
https://www.exploit-db.com/exploits/6244exploit, x_refsource_EXPLOIT-DB
http://support.avaya.com/elmodocs2/security/ASA-2008-473.htmx_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA08-344A.htmlthird-party-advisory, x_refsource_CERT
https://exchange.xforce.ibmcloud.com/vulnerabilities/44444vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/6317exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:19.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1020710",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020710"
          },
          {
            "name": "ADV-2008-2380",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2380"
          },
          {
            "name": "ADV-2008-3382",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/3382"
          },
          {
            "name": "31498",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31498"
          },
          {
            "name": "oval:org.mitre.oval:def:5794",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"
          },
          {
            "name": "30674",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30674"
          },
          {
            "name": "MS08-070",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
          },
          {
            "name": "6244",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6244"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
          },
          {
            "name": "TA08-344A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
          },
          {
            "name": "visualstudio-maskededit-bo(44444)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"
          },
          {
            "name": "6317",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/6317"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-08-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1020710",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020710"
        },
        {
          "name": "ADV-2008-2380",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2380"
        },
        {
          "name": "ADV-2008-3382",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/3382"
        },
        {
          "name": "31498",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31498"
        },
        {
          "name": "oval:org.mitre.oval:def:5794",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"
        },
        {
          "name": "30674",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30674"
        },
        {
          "name": "MS08-070",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
        },
        {
          "name": "6244",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6244"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
        },
        {
          "name": "TA08-344A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
        },
        {
          "name": "visualstudio-maskededit-bo(44444)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"
        },
        {
          "name": "6317",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/6317"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3704",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1020710",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020710"
            },
            {
              "name": "ADV-2008-2380",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2380"
            },
            {
              "name": "ADV-2008-3382",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/3382"
            },
            {
              "name": "31498",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31498"
            },
            {
              "name": "oval:org.mitre.oval:def:5794",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"
            },
            {
              "name": "30674",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30674"
            },
            {
              "name": "MS08-070",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
            },
            {
              "name": "6244",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6244"
            },
            {
              "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm",
              "refsource": "CONFIRM",
              "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
            },
            {
              "name": "TA08-344A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
            },
            {
              "name": "visualstudio-maskededit-bo(44444)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"
            },
            {
              "name": "6317",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/6317"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3704",
    "datePublished": "2008-08-18T19:00:00",
    "dateReserved": "2008-08-18T00:00:00",
    "dateUpdated": "2024-08-07T09:45:19.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1293
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Server Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Windows 10 Version 2004 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:31:59.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T19:43:56",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1293",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1293",
    "datePublished": "2020-06-09T19:43:56",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:31:59.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35826
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
Microsoft Microsoft Visual Studio 2022 version 17.2 Version: 17.2.0   < 17.2.7
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35826",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:26:13.774576Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:26:26.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.50",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.9.24",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.18",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.13",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "11.0.61252.0",
                  "versionStartIncluding": "11.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40699.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27552.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.7",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T19:34:56.811Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35826",
    "datePublished": "2022-08-09T20:12:36",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2025-01-02T19:34:56.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2000-0162
Vulnerability from cvelistv5
Published
2000-03-22 05:00
Modified
2024-08-08 05:05
Severity ?
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T05:05:53.926Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS00-011",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2000-02-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-11-02T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MS00-011",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2000-0162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS00-011",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2000-0162",
    "datePublished": "2000-03-22T05:00:00",
    "dateReserved": "2000-02-23T00:00:00",
    "dateUpdated": "2024-08-08T05:05:53.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2500
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.730Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:5967",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:5967",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2500",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:5967",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2500",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.730Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1976
Vulnerability from cvelistv5
Published
2011-08-10 21:16
Modified
2024-08-06 22:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067vendor-advisory, x_refsource_MS
http://marc.info/?l=bugtraq&m=145326307707460&w=2vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773vdb-entry, signature, x_refsource_OVAL
http://www.securityfocus.com/bid/49033vdb-entry, x_refsource_BID
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlthird-party-advisory, x_refsource_CERT
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:46:00.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MS11-067",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
          },
          {
            "name": "HPSBGN03534",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=145326307707460\u0026w=2"
          },
          {
            "name": "oval:org.mitre.oval:def:12773",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
          },
          {
            "name": "49033",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/49033"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
          },
          {
            "name": "TA11-221A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-08-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "MS11-067",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
        },
        {
          "name": "HPSBGN03534",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=145326307707460\u0026w=2"
        },
        {
          "name": "oval:org.mitre.oval:def:12773",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
        },
        {
          "name": "49033",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/49033"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
        },
        {
          "name": "TA11-221A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2011-1976",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MS11-067",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
            },
            {
              "name": "HPSBGN03534",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=145326307707460\u0026w=2"
            },
            {
              "name": "oval:org.mitre.oval:def:12773",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
            },
            {
              "name": "49033",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/49033"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
            },
            {
              "name": "TA11-221A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2011-1976",
    "datePublished": "2011-08-10T21:16:00",
    "dateReserved": "2011-05-09T00:00:00",
    "dateUpdated": "2024-08-06T22:46:00.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1202
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:25
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Server Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 2004 for x64-based Systems Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:25:01.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1203."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T19:43:22",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1202",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1203."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1202",
    "datePublished": "2020-06-09T19:43:22",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:25:01.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1393
Vulnerability from cvelistv5
Published
2020-07-14 22:54
Modified
2024-08-04 06:32
Severity ?
Summary
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Windows Server Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Microsoft Windows 10 Version 2004 for x64-based Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Microsoft Visual Studio 2019 Version: 16.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:32:01.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka \u0027Windows Diagnostics Hub Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1418."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-14T22:54:23",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka \u0027Windows Diagnostics Hub Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1418."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1393",
    "datePublished": "2020-07-14T22:54:23",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:32:01.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2501
Vulnerability from cvelistv5
Published
2009-10-14 10:00
Modified
2024-08-07 05:52
Severity ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800vdb-entry, signature, x_refsource_OVAL
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.827Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:5800",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
          },
          {
            "name": "MS09-062",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-10-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:5800",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
        },
        {
          "name": "MS09-062",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2501",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:5800",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
            },
            {
              "name": "MS09-062",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2501",
    "datePublished": "2009-10-14T10:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.827Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-3802
Vulnerability from cvelistv5
Published
2014-05-20 23:00
Modified
2024-08-06 10:57
Severity ?
Summary
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
References
http://www.securityfocus.com/bid/67398vdb-entry, x_refsource_BID
http://zerodayinitiative.com/advisories/ZDI-14-129/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67398",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67398"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-14-129/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-05-22T09:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "67398",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67398"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-14-129/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67398",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67398"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-14-129/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-14-129/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3802",
    "datePublished": "2014-05-20T23:00:00",
    "dateReserved": "2014-05-20T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-1680
Vulnerability from cvelistv5
Published
2021-01-12 19:42
Modified
2024-10-08 16:17
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680vendor-advisory
Impacted products
Vendor Product Version
Microsoft Windows Server version 20H2 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1803 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*
Microsoft Windows 10 Version 1809 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*
Microsoft Windows Server 2019 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows Server 2019 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1909 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server, version 1909 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
Microsoft Windows Server version 2004 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*
Microsoft Windows 10 Version 1507 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Microsoft Windows 10 Version 1607 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
    cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Microsoft Windows Server 2016 Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Windows Server 2016 (Server Core installation) Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.8 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.0 Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: 16.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Version: 16.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < publication
    cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:11.477Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1507",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 1607",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2016 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-01-12T08:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-08T16:17:17.305Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680"
        }
      ],
      "title": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-1680",
    "datePublished": "2021-01-12T19:42:21",
    "dateReserved": "2020-12-02T00:00:00",
    "dateUpdated": "2024-10-08T16:17:17.305Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-0468
Vulnerability from cvelistv5
Published
2007-01-24 01:00
Modified
2024-08-07 12:19
Severity ?
Summary
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/31665vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/457646/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/23856third-party-advisory, x_refsource_SECUNIA
http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cppx_refsource_MISC
http://www.vupen.com/english/advisories/2007/0296vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/2172third-party-advisory, x_refsource_SREASON
http://osvdb.org/31607vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "visualstudio-rc-bo(31665)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31665"
          },
          {
            "name": "20070122 Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457646/100/0/threaded"
          },
          {
            "name": "23856",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23856"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp"
          },
          {
            "name": "ADV-2007-0296",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0296"
          },
          {
            "name": "2172",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2172"
          },
          {
            "name": "31607",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31607"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the \"1 TYPELIB MOVEABLE PURE\" option in an RC file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "visualstudio-rc-bo(31665)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31665"
        },
        {
          "name": "20070122 Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457646/100/0/threaded"
        },
        {
          "name": "23856",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23856"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp"
        },
        {
          "name": "ADV-2007-0296",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0296"
        },
        {
          "name": "2172",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2172"
        },
        {
          "name": "31607",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31607"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0468",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the \"1 TYPELIB MOVEABLE PURE\" option in an RC file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "visualstudio-rc-bo(31665)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31665"
            },
            {
              "name": "20070122 Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457646/100/0/threaded"
            },
            {
              "name": "23856",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23856"
            },
            {
              "name": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp",
              "refsource": "MISC",
              "url": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp"
            },
            {
              "name": "ADV-2007-0296",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0296"
            },
            {
              "name": "2172",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2172"
            },
            {
              "name": "31607",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31607"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0468",
    "datePublished": "2007-01-24T01:00:00",
    "dateReserved": "2007-01-23T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1257
Vulnerability from cvelistv5
Published
2020-06-09 19:43
Modified
2024-08-04 06:31
Severity ?
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257x_refsource_MISC
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: unspecified
Microsoft Windows 10 Version 2004 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 2004 for ARM64-based Systems Version: unspecified
Microsoft Windows Version: 10 Version 1803 for 32-bit Systems
Version: 10 Version 1803 for x64-based Systems
Version: 10 Version 1803 for ARM64-based Systems
Version: 10 Version 1809 for 32-bit Systems
Version: 10 Version 1809 for x64-based Systems
Version: 10 Version 1809 for ARM64-based Systems
Version: 10 Version 1709 for 32-bit Systems
Version: 10 Version 1709 for x64-based Systems
Version: 10 Version 1709 for ARM64-based Systems
Version: 10 Version 1607 for 32-bit Systems
Version: 10 Version 1607 for x64-based Systems
Microsoft Windows Server Version: version 1803 (Core Installation)
Version: 2019
Version: 2019 (Core installation)
Version: 2016
Version: 2016 (Core installation)
Microsoft Windows 10 Version 1909 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1909 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1909 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1909 (Server Core installation) Version: unspecified
Microsoft Windows 10 Version 1903 for 32-bit Systems Version: unspecified
Microsoft Windows 10 Version 1903 for x64-based Systems Version: unspecified
Microsoft Windows 10 Version 1903 for ARM64-based Systems Version: unspecified
Microsoft Windows Server, version 1903 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Version: unspecified
Microsoft Microsoft Visual Studio Version: 2015 Update 3
Microsoft Windows 10 Version 2004 for x64-based Systems Version: unspecified
Microsoft Windows Server, version 2004 (Server Core installation) Version: unspecified
Microsoft Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5) Version: unspecified
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:31:59.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Visual Studio 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "16.0"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1709 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "10 Version 1607 for x64-based Systems"
            }
          ]
        },
        {
          "product": "Windows Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "version 1803  (Core Installation)"
            },
            {
              "status": "affected",
              "version": "2019"
            },
            {
              "status": "affected",
              "version": "2019  (Core installation)"
            },
            {
              "status": "affected",
              "version": "2016"
            },
            {
              "status": "affected",
              "version": "2016  (Core installation)"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1909 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for 32-bit Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows 10 Version 1903 for ARM64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 1903 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "2015 Update 3"
            }
          ]
        },
        {
          "product": "Windows 10 Version 2004 for x64-based Systems",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Windows Server, version 2004 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        },
        {
          "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-09T19:43:41",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2020-1257",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Visual Studio 2019",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1709 for ARM64-based Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for 32-bit Systems"
                          },
                          {
                            "version_value": "10 Version 1607 for x64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 1803  (Core Installation)"
                          },
                          {
                            "version_value": "2019"
                          },
                          {
                            "version_value": "2019  (Core installation)"
                          },
                          {
                            "version_value": "2016"
                          },
                          {
                            "version_value": "2016  (Core installation)"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1909 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1909 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for 32-bit Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 1903 for ARM64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 1903 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2015 Update 3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows 10 Version 2004 for x64-based Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Windows Server, version 2004 (Server Core installation)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of Privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2020-1257",
    "datePublished": "2020-06-09T19:43:41",
    "dateReserved": "2019-11-04T00:00:00",
    "dateUpdated": "2024-08-04T06:31:59.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3146
Vulnerability from cvelistv5
Published
2021-04-08 19:46
Modified
2024-08-03 16:45
Severity ?
Summary
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.
References
https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdfx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:51.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-08T19:46:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-3146",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf",
              "refsource": "MISC",
              "url": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-3146",
    "datePublished": "2021-04-08T19:46:48",
    "dateReserved": "2021-01-14T00:00:00",
    "dateUpdated": "2024-08-03T16:45:51.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-0901
Vulnerability from cvelistv5
Published
2009-07-29 17:00
Modified
2024-08-07 04:48
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
References
http://www.adobe.com/support/security/bulletins/apsb09-11.htmlx_refsource_CONFIRM
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1vendor-advisory, x_refsource_SUNALERT
http://www.securityfocus.com/bid/35832vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2009/2034vdb-entry, x_refsource_VUPEN
http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlthird-party-advisory, x_refsource_CERT
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlx_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035vendor-advisory, x_refsource_MS
http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxx_refsource_MISC
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
http://secunia.com/advisories/36187third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311vdb-entry, signature, x_refsource_OVAL
http://www.vupen.com/english/advisories/2009/2232vdb-entry, x_refsource_VUPEN
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlx_refsource_CONFIRM
http://secunia.com/advisories/36374third-party-advisory, x_refsource_SECUNIA
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037vendor-advisory, x_refsource_MS
http://www.adobe.com/support/security/advisories/apsa09-04.htmlx_refsource_CONFIRM
http://secunia.com/advisories/36746third-party-advisory, x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/35967third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:48:52.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
          },
          {
            "name": "266108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "35832",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/35832"
          },
          {
            "name": "ADV-2009-2034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "TA09-223A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
          },
          {
            "name": "oval:org.mitre.oval:def:7581",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
          },
          {
            "name": "oval:org.mitre.oval:def:6289",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
          },
          {
            "name": "SSRT100013",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "HPSBMA02488",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "36187",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36187"
          },
          {
            "name": "oval:org.mitre.oval:def:6311",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
          },
          {
            "name": "ADV-2009-2232",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2232"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "MS09-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
          },
          {
            "name": "36746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "oval:org.mitre.oval:def:6373",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
          },
          {
            "name": "35967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
        },
        {
          "name": "266108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
        },
        {
          "name": "35832",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/35832"
        },
        {
          "name": "ADV-2009-2034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2034"
        },
        {
          "name": "TA09-223A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
        },
        {
          "name": "oval:org.mitre.oval:def:7581",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
        },
        {
          "name": "oval:org.mitre.oval:def:6289",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
        },
        {
          "name": "SSRT100013",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "HPSBMA02488",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "36187",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36187"
        },
        {
          "name": "oval:org.mitre.oval:def:6311",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
        },
        {
          "name": "ADV-2009-2232",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2232"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
        },
        {
          "name": "36374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36374"
        },
        {
          "name": "MS09-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
        },
        {
          "name": "36746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36746"
        },
        {
          "name": "oval:org.mitre.oval:def:6373",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
        },
        {
          "name": "35967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35967"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "MS09-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0901",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
            },
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "35832",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/35832"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "TA09-223A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            },
            {
              "name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
            },
            {
              "name": "oval:org.mitre.oval:def:7581",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
            },
            {
              "name": "oval:org.mitre.oval:def:6289",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "HPSBMA02488",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "36187",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36187"
            },
            {
              "name": "oval:org.mitre.oval:def:6311",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
            },
            {
              "name": "ADV-2009-2232",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2232"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "MS09-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
            },
            {
              "name": "http://www.adobe.com/support/security/advisories/apsa09-04.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "oval:org.mitre.oval:def:6373",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0901",
    "datePublished": "2009-07-29T17:00:00",
    "dateReserved": "2009-03-14T00:00:00",
    "dateUpdated": "2024-08-07T04:48:52.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2495
Vulnerability from cvelistv5
Published
2009-07-29 17:00
Modified
2024-08-07 05:52
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
References
http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1vendor-advisory, x_refsource_SUNALERT
http://www.vupen.com/english/advisories/2009/2034vdb-entry, x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573vdb-entry, signature, x_refsource_OVAL
http://www.adobe.com/support/security/bulletins/apsb09-13.htmlx_refsource_CONFIRM
http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478vdb-entry, signature, x_refsource_OVAL
http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305vdb-entry, signature, x_refsource_OVAL
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=126592505426855&w=2vendor-advisory, x_refsource_HP
http://www.adobe.com/support/security/bulletins/apsb09-10.htmlx_refsource_CONFIRM
http://secunia.com/advisories/36374third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/36746third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/35967third-party-advisory, x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlthird-party-advisory, x_refsource_CERT
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060vendor-advisory, x_refsource_MS
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:52:14.722Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "266108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
          },
          {
            "name": "ADV-2009-2034",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2034"
          },
          {
            "name": "oval:org.mitre.oval:def:7573",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
          },
          {
            "name": "oval:org.mitre.oval:def:6478",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478"
          },
          {
            "name": "TA09-286A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
          },
          {
            "name": "MS09-035",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
          },
          {
            "name": "oval:org.mitre.oval:def:6305",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305"
          },
          {
            "name": "SSRT100013",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "name": "HPSBMA02488",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
          },
          {
            "name": "36374",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36374"
          },
          {
            "name": "36746",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36746"
          },
          {
            "name": "35967",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35967"
          },
          {
            "name": "TA09-195A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
          },
          {
            "name": "MS09-060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-07-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka \"ATL Null String Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "266108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
        },
        {
          "name": "ADV-2009-2034",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2034"
        },
        {
          "name": "oval:org.mitre.oval:def:7573",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
        },
        {
          "name": "oval:org.mitre.oval:def:6478",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478"
        },
        {
          "name": "TA09-286A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
        },
        {
          "name": "MS09-035",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
        },
        {
          "name": "oval:org.mitre.oval:def:6305",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305"
        },
        {
          "name": "SSRT100013",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "name": "HPSBMA02488",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
        },
        {
          "name": "36374",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36374"
        },
        {
          "name": "36746",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36746"
        },
        {
          "name": "35967",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35967"
        },
        {
          "name": "TA09-195A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
        },
        {
          "name": "MS09-060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-2495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka \"ATL Null String Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "266108",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
            },
            {
              "name": "ADV-2009-2034",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2034"
            },
            {
              "name": "oval:org.mitre.oval:def:7573",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-13.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
            },
            {
              "name": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
            },
            {
              "name": "oval:org.mitre.oval:def:6478",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478"
            },
            {
              "name": "TA09-286A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
            },
            {
              "name": "MS09-035",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
            },
            {
              "name": "oval:org.mitre.oval:def:6305",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305"
            },
            {
              "name": "SSRT100013",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "HPSBMA02488",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb09-10.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
            },
            {
              "name": "36374",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36374"
            },
            {
              "name": "36746",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36746"
            },
            {
              "name": "35967",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/35967"
            },
            {
              "name": "TA09-195A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
            },
            {
              "name": "MS09-060",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-2495",
    "datePublished": "2009-07-29T17:00:00",
    "dateReserved": "2009-07-17T00:00:00",
    "dateUpdated": "2024-08-07T05:52:14.722Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-4890
Vulnerability from cvelistv5
Published
2007-09-14 01:00
Modified
2024-08-07 15:08
Severity ?
Summary
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
References
http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.htmlx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/36571vdb-entry, x_refsource_XF
https://www.exploit-db.com/exploits/4394exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/26779third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/25635vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:08:34.147Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html"
          },
          {
            "name": "visualstudio-vbtovsi-file-overwrite(36571)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36571"
          },
          {
            "name": "4394",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/4394"
          },
          {
            "name": "26779",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26779"
          },
          {
            "name": "25635",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25635"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method.  NOTE: contents can be copied from local files via the Load method."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html"
        },
        {
          "name": "visualstudio-vbtovsi-file-overwrite(36571)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36571"
        },
        {
          "name": "4394",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/4394"
        },
        {
          "name": "26779",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26779"
        },
        {
          "name": "25635",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25635"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-4890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method.  NOTE: contents can be copied from local files via the Load method."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html",
              "refsource": "MISC",
              "url": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html"
            },
            {
              "name": "visualstudio-vbtovsi-file-overwrite(36571)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36571"
            },
            {
              "name": "4394",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/4394"
            },
            {
              "name": "26779",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26779"
            },
            {
              "name": "25635",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25635"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-4890",
    "datePublished": "2007-09-14T01:00:00",
    "dateReserved": "2007-09-13T00:00:00",
    "dateUpdated": "2024-08-07T15:08:34.147Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-35827
Vulnerability from cvelistv5
Published
2022-08-09 20:12
Modified
2025-01-02 19:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827vendor-advisory
Impacted products
Vendor Product Version
Microsoft Microsoft Visual Studio 2022 version 17.0 Version: 17.0.0   < 17.0.13
Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Version: 15.9.0   < 15.9.50
Microsoft Microsoft Visual Studio 2015 Update 3 Version: 14.0.0   < 14.0.27552.0
Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Version: 16.11.0   < 16.11.18
Microsoft Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Version: 15.0.0   < 16.9.24
Microsoft Microsoft Visual Studio 2013 Update 5 Version: 12.0.0   < 12.0.40699.0
Microsoft Microsoft Visual Studio 2012 Update 5 Version: 11.0.0   < 11.0.61252.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:44:22.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Visual Studio Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-35827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T19:23:43.503677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T19:25:36.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.2.7",
              "status": "affected",
              "version": "17.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.0.13",
              "status": "affected",
              "version": "17.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.9.50",
              "status": "affected",
              "version": "15.9.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2015 Update 3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "14.0.27552.0",
              "status": "affected",
              "version": "14.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.18",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.9.24",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2013 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "12.0.40699.0",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2012 Update 5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "11.0.61252.0",
              "status": "affected",
              "version": "11.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.2.7",
                  "versionStartIncluding": "17.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.0.13",
                  "versionStartIncluding": "17.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "15.9.50",
                  "versionStartIncluding": "15.9.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                  "versionEndExcluding": "14.0.27552.0",
                  "versionStartIncluding": "14.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.11.18",
                  "versionStartIncluding": "16.11.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "16.9.24",
                  "versionStartIncluding": "15.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "12.0.40699.0",
                  "versionStartIncluding": "12.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                  "versionEndExcluding": "11.0.61252.0",
                  "versionStartIncluding": "11.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2022-08-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Visual Studio Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-02T19:34:57.317Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Visual Studio Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
        }
      ],
      "title": "Visual Studio Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2022-35827",
    "datePublished": "2022-08-09T20:12:50",
    "dateReserved": "2022-07-13T00:00:00",
    "dateUpdated": "2025-01-02T19:34:57.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2019-01-08 21:29
Modified
2024-11-21 04:16
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
secure@microsoft.comhttp://www.securityfocus.com/bid/106390Third Party Advisory, VDB Entry
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106390Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2010
microsoft visual_studio 2012


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Visual Studio divulga los contenidos de archivos arbitrarios si la v\u00edctima abre un archivo malicioso \".vscontent\". Esto tambi\u00e9n se conoce como \"Microsoft Visual Studio Information Disclosure Vulnerability\". Esto afecta a Microsoft Visual Studio."
    }
  ],
  "id": "CVE-2019-0537",
  "lastModified": "2024-11-21T04:16:48.713",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-08T21:29:00.317",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106390"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106390"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-15 19:15
Modified
2024-11-21 04:35
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2010
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka \u0027Visual Studio Information Disclosure Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Visual Studio analiza inapropiadamente la entrada XML en ciertos archivos de configuraci\u00f3n, tambi\u00e9n se conoce como \"Visual Studio Information Disclosure Vulnerability\"."
    }
  ],
  "id": "CVE-2019-1079",
  "lastModified": "2024-11-21T04:35:58.427",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-15T19:15:17.607",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2001-05-03 04:00
Modified
2024-11-20 23:34
Severity ?
Summary
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
References
cve@mitre.orghttp://razor.bindview.com/publish/advisories/adv_vbtsql.htmlPatch, Vendor Advisory
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018
af854a3a-2127-422b-91ae-364da2661108http://razor.bindview.com/publish/advisories/adv_vbtsql.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018
Impacted products
Vendor Product Version
microsoft visual_basic 6.0
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "6E335F67-3944-4AE1-A029-82AA7949292B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "5167480D-01B7-4E58-A2FE-6684FA582130",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands."
    }
  ],
  "id": "CVE-2001-0153",
  "lastModified": "2024-11-20T23:34:43.650",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2001-05-03T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://razor.bindview.com/publish/advisories/adv_vbtsql.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://razor.bindview.com/publish/advisories/adv_vbtsql.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-11 00:29
Modified
2024-11-21 04:13
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
References
secure@microsoft.comhttp://www.securityfocus.com/bid/104616Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1041253Broken Link, Third Party Advisory, VDB Entry
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104616Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041253Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft expression_blend 2
microsoft expression_blend 3
microsoft expression_blend 4
microsoft visual_studio 2010
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 -
microsoft visual_studio_2017 15.7.5


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:expression_blend:2:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "8854E4AC-9D27-4DD7-8F95-038DE041F310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_blend:3:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BCD59FF3-A586-4DCD-90DC-B084C46AC459",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_blend:4:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "E631F620-3093-469F-BEC9-D7EEAC424F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA983E6-A2DA-48BB-9874-14CF4B3AAE15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8018249-9F39-42A0-B17C-A3AF51D7D253",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka \"Visual Studio Remote Code Execution Vulnerability.\" This affects Microsoft Visual Studio, Expression Blend 4."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el software de Visual Studio cuando el software no comprueba el marcado de fuentes de un archivo para un proyecto sin implementar. Esto tambi\u00e9n se conoce como \"Visual Studio Remote Code Execution Vulnerability\". Esto afecta a Microsoft Visual Studio y Expression Blend 4."
    }
  ],
  "id": "CVE-2018-8172",
  "lastModified": "2024-11-21T04:13:23.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-11T00:29:00.367",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104616"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041253"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041253"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-08-18 19:41
Modified
2024-11-21 00:49
Severity ?
Summary
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
References
cve@mitre.orghttp://secunia.com/advisories/31498Vendor Advisory
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
cve@mitre.orghttp://www.securityfocus.com/bid/30674Exploit, Patch
cve@mitre.orghttp://www.securitytracker.com/id?1020710
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/2380Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3382Vendor Advisory
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/44444
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794
cve@mitre.orghttps://www.exploit-db.com/exploits/6244
cve@mitre.orghttps://www.exploit-db.com/exploits/6317
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/31498Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/30674Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1020710
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA08-344A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/2380Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3382Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/44444
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6244
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6317
Impacted products
Vendor Product Version
microsoft visual_basic 6.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft visual_foxpro 9.0
microsoft visual_studio 6.0
microsoft visual_studio_.net 2002
microsoft visual_studio_.net 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_basic:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D281B3-B2E0-4E36-B1BD-83865AE4B3C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "478347F8-6256-4DE6-AD6A-91631A9E6DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "747E3E3A-85C1-4E55-B7F8-C5207F247498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not \"validating property values with boundary checks,\" as exploited in the wild in August 2008, aka \"Masked Edit Control Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en el control ActiveX de MaskedEdit en msmask32.ocx versi\u00f3n 6.0.81.69, y posiblemente en otras versiones anteriores a 6.0.84.18, en Visual Studio versi\u00f3n 6.0, Visual Basic versi\u00f3n 6.0, Visual Studio .NET 2002 SP1 y 2003 SP1, y Visual FoxPro versiones 8.0 SP1 y 9.0 SP1 y SP2, de Microsoft, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un par\u00e1metro Mask largo, relacionado con la no \"validating property values with boundary checks\", como se explot\u00f3 \u201cin the wild\u201d en Agosto de 2008, tambi\u00e9n se conoce como \"Masked Edit Control Memory Corruption Vulnerability\"."
    }
  ],
  "evaluatorComment": "Additional advisory information from Secunia: http://secunia.com/advisories/31498/",
  "evaluatorSolution": "\"Visual Studio 6 was last updated June 2000, a Microsoft spokeswoman told SCMagazineUS.com. The version is no longer supported.  Visual Studio 2008 is the latest release and microsoft encourages users to update to the newest version.\"\r\n\r\nSource: http://www.scmagazineus.com/Microsoft-looks-into-Visual-Studio-bug/article/115459/",
  "id": "CVE-2008-3704",
  "lastModified": "2024-11-21T00:49:55.123",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-08-18T19:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31498"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30674"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020710"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3382"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6244"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31498"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-473.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/30674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/2380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/3382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-070"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6317"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1278, CVE-2020-1293"
    }
  ],
  "id": "CVE-2020-1257",
  "lastModified": "2024-11-21T05:10:06.083",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T20:15:16.850",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1257"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-29 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka "ATL COM Initialization Vulnerability."
References
secure@microsoft.comhttp://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxBroken Link
secure@microsoft.comhttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlThird Party Advisory
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=126592505426855&w=2Third Party Advisory
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=126592505426855&w=2Third Party Advisory
secure@microsoft.comhttp://secunia.com/advisories/35967
secure@microsoft.comhttp://secunia.com/advisories/36187
secure@microsoft.comhttp://secunia.com/advisories/36374
secure@microsoft.comhttp://secunia.com/advisories/36746
secure@microsoft.comhttp://secunia.com/advisories/38568
secure@microsoft.comhttp://secunia.com/advisories/41818
secure@microsoft.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1Broken Link
secure@microsoft.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1Broken Link
secure@microsoft.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1Broken Link
secure@microsoft.comhttp://www.adobe.com/support/security/advisories/apsa09-04.htmlPatch, Third Party Advisory
secure@microsoft.comhttp://www.adobe.com/support/security/bulletins/apsb09-10.htmlThird Party Advisory
secure@microsoft.comhttp://www.adobe.com/support/security/bulletins/apsb09-11.htmlPatch, Third Party Advisory
secure@microsoft.comhttp://www.adobe.com/support/security/bulletins/apsb09-13.htmlThird Party Advisory
secure@microsoft.comhttp://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1Third Party Advisory
secure@microsoft.comhttp://www.openoffice.org/security/cves/CVE-2009-2493.htmlThird Party Advisory
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-195A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-223A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-342A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/2034
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/2232
secure@microsoft.comhttp://www.vupen.com/english/advisories/2010/0366
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
af854a3a-2127-422b-91ae-364da2661108http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspxBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38568
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41818
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa09-04.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-10.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-11.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-13.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2009-2493.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0366
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716
Impacted products
Vendor Product Version
microsoft visual_c\+\+ 2005
microsoft visual_c\+\+ 2008
microsoft visual_c\+\+ 2008
microsoft windows_2000 *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 -
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista -
microsoft windows_xp *
microsoft windows_xp *
microsoft visual_studio 2003
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2008


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "882CDAE9-EC03-48E6-814C-50236B8F0B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "27438900-81A7-41CD-AA17-1DA9F35C98D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A4E0021F-ABB9-4FB4-BC1C-5098F2E66371",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0C28897B-044A-447B-AD76-6397F8190177",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0A0D2704-C058-420B-B368-372D1129E914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CAEEA81-5037-4B68-98D9-83AAEBC98E20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A9AD97AF-1F2A-483D-86F2-764ECEC31BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly restrict use of OleLoadFromStream in instantiating objects from data streams, which allows remote attackers to execute arbitrary code via a crafted HTML document with an ATL (1) component or (2) control, related to ATL headers and bypassing security policies, aka \"ATL COM Initialization Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La Active Template Library (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold y SP1, y Visual C++ 2005 SP1 y 2008 Gold y SP1 no restringe adecuadamente el uso de OleLoadFromStream en la instanciaci\u00f3n de objetos desde el flujo de datos, lo que permite a atacantes remotos  ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado con un (1)control o (2) componente, relacionado con las cabeceras ATL y el evitar las pol\u00edticas de seguridad. Tambi\u00e9n conocida como \"Vulnerabilidad de Inicializaci\u00f3n ATL COM\"."
    }
  ],
  "id": "CVE-2009-2493",
  "lastModified": "2024-11-21T01:05:00.613",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-29T17:30:01.233",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/38568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.openoffice.org/security/cves/CVE-2009-2493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/0366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
secure@microsoft.comhttp://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
secure@microsoft.comhttp://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 20h2
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 20h2
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D7DA66-67F6-4B60-AF63-38C3C2C758AB",
              "versionEndIncluding": "16.7",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "861B2F5D-4549-4186-BD88-A5180F4D83DF",
              "versionEndIncluding": "16.9",
              "versionStartIncluding": "16.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28313, CVE-2021-28321"
    }
  ],
  "id": "CVE-2021-28322",
  "lastModified": "2024-11-21T05:59:29.037",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-04-13T20:15:17.030",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28322"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24A94DC-945C-42E3-91FD-CB0B541D8C51",
              "versionEndExcluding": "15.9.27",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E37F70-BFA4-40AF-AFB5-E0771CD1426E",
              "versionEndExcluding": "16.4.13",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "774D798B-0012-4174-AB23-514260463404",
              "versionEndExcluding": "16.7.3",
              "versionStartIncluding": "16.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\u003c/p\u003e\n\u003cp\u003eAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.\u003c/p\u003e\n"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de datos, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-1133"
    }
  ],
  "id": "CVE-2020-1130",
  "lastModified": "2024-11-21T05:09:48.543",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 4.7,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-09-11T17:15:19.043",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1130"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-14 23:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A73D1417-E2B9-4ECD-B637-46D22B21F229",
              "versionEndExcluding": "15.9.25",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F6E8E7-78B8-4F60-8C6F-18888607E55B",
              "versionEndExcluding": "16.4.11",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08D757E7-5BC3-4671-9A34-2AE4946FF86B",
              "versionEndExcluding": "16.6.4",
              "versionStartIncluding": "16.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka \u0027Windows Diagnostics Hub Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1418."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Windows Diagnostics Hub Standard Collector Service presenta un fallo al sanear apropiadamente la entrada, lo que conlleva a un comportamiento de carga de biblioteca no seguro, tambi\u00e9n se conoce como \"Windows Diagnostics Hub Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1418"
    }
  ],
  "id": "CVE-2020-1393",
  "lastModified": "2024-11-21T05:10:24.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-14T23:15:16.073",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1202."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector presenta un fallo al manejar apropiadamente objetos en memoria, tambi\u00e9n se conoce como \"Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1202"
    }
  ],
  "id": "CVE-2020-1203",
  "lastModified": "2024-11-21T05:09:58.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T20:15:13.740",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1203"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-08-10 21:55
Modified
2024-11-21 01:27
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=145326307707460&w=2Third Party Advisory
secure@microsoft.comhttp://www.securityfocus.com/bid/49033
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA11-221A.htmlThird Party Advisory, US Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067
secure@microsoft.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270Third Party Advisory
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=145326307707460&w=2Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/49033
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-221A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773
Impacted products
Vendor Product Version
microsoft report_viewer 2005
microsoft report_viewer 2005
microsoft visual_studio 2005


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "033138E1-82C7-443C-89C1-23D8032674CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka \"Report Viewer Controls XSS Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el control \"Report Viewer\" de Microsoft Visual Studio 2005 SP1 y Report Viewer 2005 SP1 permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un par\u00e1metro en una fuente de datos. Tambi\u00e9n conocido como \"Vulnerabilidad XSS en el control Report Viewer\"."
    }
  ],
  "id": "CVE-2011-1976",
  "lastModified": "2024-11-21T01:27:25.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-08-10T21:55:01.953",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=145326307707460\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/49033"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://marc.info/?l=bugtraq\u0026m=145326307707460\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/49033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-221A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04945270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12773"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-08 20:15
Modified
2024-11-21 06:20
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges.
References
cve@mitre.orghttps://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdfVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdfVendor Advisory
Impacted products
Vendor Product Version
dolby audio_x2 *
microsoft exchange_server 2010
microsoft exchange_server 2013
microsoft visual_c\+\+ 2005
microsoft visual_c\+\+ 2008
microsoft visual_c\+\+ 2010
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2010
microsoft visual_studio_.net 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dolby:audio_x2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EC4CE97-1834-4AAD-B6CE-C6833060ADB8",
              "versionEndExcluding": "0.8.8.90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2010:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "3E5EA9AD-1E84-4AB5-A1EF-3B9F2AC84755",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:exchange_server:2013:-:*:*:*:*:*:*",
              "matchCriteriaId": "27EF8DB7-D5A0-47A8-9F69-7D0259490D69",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "882CDAE9-EC03-48E6-814C-50236B8F0B93",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A4E0021F-ABB9-4FB4-BC1C-5098F2E66371",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "8510550C-3A26-4BB3-A5F3-11D591DD0CE6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DFC93-9533-4893-B634-0551CDE7D252",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Dolby Audio X2 (DAX2) API service before 0.8.8.90 on Windows allows local users to gain privileges."
    },
    {
      "lang": "es",
      "value": "El servicio de API Dolby Audio X2 (DAX2) versiones anteriores a 0.8.8.90 en Windows permite a los usuarios locales obtener privilegios"
    }
  ],
  "id": "CVE-2021-3146",
  "lastModified": "2024-11-21T06:20:59.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-08T20:15:13.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://professional.dolby.com/siteassets/pdfs/dolby-dax2-security-advisory-2021-04-07.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Heap Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen PNG manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer basado en pila GDI+ PNG\"."
    }
  ],
  "id": "CVE-2009-2501",
  "lastModified": "2024-11-21T01:05:01.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.360",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5800"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-03-13 21:55
Modified
2024-11-21 01:34
Severity ?
Summary
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
References
secure@microsoft.comhttp://secunia.com/advisories/48396
secure@microsoft.comhttp://www.securityfocus.com/bid/52329
secure@microsoft.comhttp://www.securitytracker.com/id?1026792
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA12-073A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/73537
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48396
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/52329
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026792
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA12-073A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/73537
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081
Impacted products
Vendor Product Version
microsoft visual_studio 2008
microsoft visual_studio 2010
microsoft visual_studio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Microsoft Visual Studio 2008 SP1, 2010, y 2010 SP1 permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya en un directorio especificado, tambi\u00e9n conocido como Visual Studio Add-In Vulnerability.\""
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027\r\n",
  "evaluatorImpact": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021\r\n\r\n\u0027An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.\u0027\r\n\r\n\u0027The vulnerability could not be exploited remotely or by anonymous users.\u0027",
  "id": "CVE-2012-0008",
  "lastModified": "2024-11-21T01:34:11.113",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T21:55:01.277",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/48396"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/52329"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1026792"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-10-08 18:15
Modified
2024-10-17 19:55
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Visual Studio Collector Service Denial of Service Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23634494-9964-4281-B202-0FABD7312448",
              "versionEndExcluding": "15.9.67",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2021602-110C-4F29-A538-6B609C6FE5C0",
              "versionEndExcluding": "16.11.41",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18D2A92E-FB5F-4892-A7EF-0DBD26281248",
              "versionEndExcluding": "17.6.20",
              "versionStartIncluding": "17.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34609790-24EF-448C-8AED-9BF831D73629",
              "versionEndExcluding": "17.8.15",
              "versionStartIncluding": "17.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "480AA116-1C38-4778-A84D-321278AEC747",
              "versionEndExcluding": "17.10.8",
              "versionStartIncluding": "17.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD8D6C06-D7AB-4E82-AAD6-4240603B6AC6",
              "versionEndExcluding": "17.11.5",
              "versionStartIncluding": "17.11.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Collector Service Denial of Service Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio recopilador de Visual Studio"
    }
  ],
  "id": "CVE-2024-43603",
  "lastModified": "2024-10-17T19:55:34.360",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-10-08T18:15:28.150",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-06-16 20:55
Modified
2024-11-21 01:25
Severity ?
Summary
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability."
References
secure@microsoft.comhttp://secunia.com/advisories/44912
secure@microsoft.comhttp://www.securityfocus.com/bid/48196
secure@microsoft.comhttp://www.securitytracker.com/id?1025646
secure@microsoft.comhttp://www.securitytracker.com/id?1025647
secure@microsoft.comhttp://www.securitytracker.com/id?1025648
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/44912
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/48196
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025646
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025647
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1025648
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664
Impacted products
Vendor Product Version
microsoft office_infopath 2007
microsoft office_infopath 2010
microsoft office_infopath 2010
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server 2008
microsoft sql_server_management_studio_express 2005
microsoft sql_server_management_studio_express 2005
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "81BD7AB6-9D00-47C3-9627-BB141538BF6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x32:*:*:*:*:*",
              "matchCriteriaId": "3518F3B5-5C15-42FB-855A-48CAF5D05AD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_infopath:2010:*:x64:*:*:*:*:*",
              "matchCriteriaId": "F18BF4FE-9517-47D0-9938-0418C86A5D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "1E4FFD18-4CF8-4D4C-A9BF-F692CD5C2091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:express_advanced_services:*:*:*:*:*",
              "matchCriteriaId": "CF6E4324-61CD-497F-ACCD-50D253DE291A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "253CC41C-5DE2-4D76-8E69-13EF53FD256D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "794F6BFC-EFEA-4D9C-BCC6-78D05B560402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:express_advanced_services:*:*:*:*:*",
              "matchCriteriaId": "6CE40B2B-E1A0-4BBE-9A3B-5E7B14F83554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:itanium:*:*:*:*:*",
              "matchCriteriaId": "7E387893-EBA4-448A-9687-400F50A5A2F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp4:x64:*:*:*:*:*",
              "matchCriteriaId": "9916AE10-8EBF-4BB9-885C-1FD0C20ED71C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:itanium:*:*:*:*:*",
              "matchCriteriaId": "597E44EF-D336-40C4-BB2B-0C8735B96721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:r2:x64:*:*:*:*:*",
              "matchCriteriaId": "63DD17D8-8A29-48EE-8B71-ED3991D94E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "B520B7A3-E990-491E-B64E-3C60F8D2174B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp1:x64:*:*:*:*:*",
              "matchCriteriaId": "5FF8171B-403F-4B35-8CF3-1A5E8A9C74A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "5FA2E5E9-A530-4EBA-863A-322C10EFB82C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x32:*:*:*:*:*",
              "matchCriteriaId": "46B4CFCF-6A73-4F96-9F0A-42EE1D7EFD33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2008:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "00F271BE-E397-4DAB-894E-EBA5CD7C465F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF08EF73-73BF-48EE-B824-430F59AEA47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_management_studio_express:2005:*:x64:*:*:*:*:*",
              "matchCriteriaId": "486B3E1A-DBBB-407B-9D93-05738F8E0AF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka \"XML External Entities Resolution Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "El editor de XML en Microsoft Office InfoPath 2007 SP2 y 2010; SQL Server 2005 SP3 y SP4 y 2008 SP1, SP2 y R2; SQL Server Management Studio Express (SSMSE) 2005; y Visual Studio 2005 SP1, 2008 SP1, y 2010 no maneja correctamente entidades externas, lo que permite a atacantes remotos leer archivos arbitrarios a trav\u00e9s de un fichero .disco (Web Service Discovery) manipulado, tambi\u00e9n conocido como \"XML External Entities Resolution Vulnerability\""
    }
  ],
  "id": "CVE-2011-1280",
  "lastModified": "2024-11-21T01:25:58.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-06-16T20:55:02.353",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/44912"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/48196"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025646"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025647"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1025648"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/44912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1025648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12664"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "754856ED-0708-4505-B3CC-C3CF1818DD59",
              "versionEndIncluding": "15.8",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE5FF31-110B-4518-A0B9-E94E2840B492",
              "versionEndIncluding": "16.3",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BFBAC2-C362-457F-90A8-9E56C25694E6",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how Visual Studio handles objects in memory.\u003c/p\u003e\n"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Visual Studio cuando maneja inapropiadamente objetos en la memoria, tambi\u00e9n se conoce como \"Visual Studio Remote Code Execution Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-16856"
    }
  ],
  "id": "CVE-2020-16874",
  "lastModified": "2024-11-21T05:07:18.337",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-09-11T17:15:17.480",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 16.8
microsoft windows_10 20h2
microsoft windows_10 1607
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 20h2
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA2CA6-EE09-4822-8A44-DF69A4164CED",
              "versionEndExcluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DBA7D99-6B58-4C62-B683-C9F91C82FEEA",
              "versionEndExcluding": "16.4",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF76B45-3EA0-4BD6-8799-888F0654D2AE",
              "versionEndExcluding": "16.7",
              "versionStartIncluding": "16.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE9B863-01E5-486C-8B9D-6DC0F78222A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios del recopilador est\u00e1ndar de Diagnostics Hub. Este ID de CVE es diferente de CVE-2021-1680"
    }
  ],
  "id": "CVE-2021-1651",
  "lastModified": "2024-11-21T05:44:48.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-01-12T20:15:30.963",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1651"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-09-11 22:15
Modified
2024-11-21 04:36
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1703
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2019 -
microsoft visual_studio 2015
microsoft visual_studio_2017 15.0
microsoft visual_studio_2017 15.9
microsoft visual_studio_2019 16.0
microsoft visual_studio_2019 16.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A58739-CD5F-45F6-BDA3-14069413B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3886D126-9ADC-4AAF-8169-70F3DE3A7773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE087F4D-F5FC-4286-B559-AE5C0E448D27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \u0027Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Diagnostics Hub Standard Collector Service suplanta inapropiadamente ciertas operaciones de archivo, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\"."
    }
  ],
  "id": "CVE-2019-1232",
  "lastModified": "2024-11-21T04:36:17.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-11T22:15:15.100",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1232"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-03-07 11:02
Modified
2024-11-21 00:07
Severity ?
Summary
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).
References
cve@mitre.orghttp://secunia.com/advisories/19081Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1015721Exploit, Vendor Advisory
cve@mitre.orghttp://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.phpExploit, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/23711
cve@mitre.orghttp://www.securityfocus.com/archive/1/426767/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/426830/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/16953
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/0825Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/25148
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19081Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1015721Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.phpExploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/23711
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/426767/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/426830/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/16953
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/0825Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/25148
Impacted products
Vendor Product Version
microsoft visual_interdev 6.0
microsoft visual_studio 6.0
microsoft visual_studio 6.0
microsoft visual_studio 6.0
microsoft visual_studio 6.0
microsoft visual_studio 6.0
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_interdev:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "394EC852-89B9-4246-86DB-D27A38ED29F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "00ACB96E-1B59-46F5-855F-2091DDB26BA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "C23A9BBF-7393-410D-A216-05BAD1316E97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "0E5AA7B4-99B7-492F-B937-013D1A1B357A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "6799E715-5704-4A13-A4EF-9FC6BBF73A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "3888629B-9F0F-4675-8770-8781A66ADCA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln)."
    }
  ],
  "id": "CVE-2006-1043",
  "lastModified": "2024-11-21T00:07:56.663",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-03-07T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19081"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015721"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/23711"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/426767/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/426830/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/16953"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0825"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.frsirt.com/exploits/20060305.ms-visual-dbp.c.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/23711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/426767/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/426830/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/16953"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/0825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25148"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-31 22:04
Modified
2024-11-21 00:16
Severity ?
Summary
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
References
cve@mitre.orghttp://securityreason.com/securityalert/1473
cve@mitre.orghttp://www.securityfocus.com/archive/1/443499/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19572
cve@mitre.orghttp://www.xsec.org/index.php?module=releases&act=view&type=1&id=15Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1473
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443499/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19572
af854a3a-2127-422b-91ae-364da2661108http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15Exploit, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 6.0
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "00ACB96E-1B59-46F5-855F-2091DDB26BA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll."
    },
    {
      "lang": "es",
      "value": "Microsoft Visual Studio 6.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente ejecutar c\u00f3digo arbitrario instanciando objetos Visual Studio 6.0 ActiveX COM en Internet Explorer, incluyendo (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, y (5) vi30aut.dll."
    }
  ],
  "id": "CVE-2006-4494",
  "lastModified": "2024-11-21T00:16:05.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-31T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1473"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19572"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1473"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443499/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.xsec.org/index.php?module=releases\u0026act=view\u0026type=1\u0026id=15"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF manipulado, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de b\u00fafer GDI+ TIFF\"."
    }
  ],
  "id": "CVE-2009-2502",
  "lastModified": "2024-11-21T01:05:01.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2009-10-14T10:30:01.390",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-12-12 00:29
Modified
2024-11-21 04:14
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
References
secure@microsoft.comhttp://www.securityfocus.com/bid/106094Third Party Advisory, VDB Entry
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106094Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 15.9
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1703
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_server_2016 -
microsoft windows_server_2016 1709
microsoft windows_server_2016 1803
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B454BFE-D3AB-4CDC-B79B-F60EA3F57DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability.\" This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de elevaci\u00f3n de privilegios cuando el servicio Diagnostics Hub Standard Collector suplanta de forma inadecuada ciertas operaciones con archivos. Esto tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability\". Esto afecta a Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10 y Windows 10 Servers."
    }
  ],
  "id": "CVE-2018-8599",
  "lastModified": "2024-11-21T04:14:06.293",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-12T00:29:00.840",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106094"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8599"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-273"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka \"GDI+ TIFF Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 no localiza adecuadamente un b\u00fafer sin especificar, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen TIFF que inicia una corrupci\u00f3n de memoria, tambi\u00e9n conocido como \"Vulnerabilidad de corrupci\u00f3n de memoria GDI+ TIFF\""
    }
  ],
  "id": "CVE-2009-2503",
  "lastModified": "2024-11-21T01:05:02.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.407",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6491"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-09-14 01:17
Modified
2024-11-21 00:36
Severity ?
Summary
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method. NOTE: contents can be copied from local files via the Load method.
References
cve@mitre.orghttp://secunia.com/advisories/26779
cve@mitre.orghttp://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html
cve@mitre.orghttp://www.securityfocus.com/bid/25635
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36571
cve@mitre.orghttps://www.exploit-db.com/exploits/4394
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26779
af854a3a-2127-422b-91ae-364da2661108http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25635
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36571
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4394
Impacted products
Vendor Product Version
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft Visual Studio 6.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveAs method.  NOTE: contents can be copied from local files via the Load method."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio absoluto en un determinado control ActiveX en la biblioteca de Soporte VB a VSI (VBTOVSI.DLL) 1.0.0.0 de Microsoft Visual Studio 6.0 permite a atacantes remotos crear o sobre-escribir ficheros de su elecci\u00f3n mediante un nombre de ruta completo en el argumento del m\u00e9todo SaveAs.\r\nNOTA: Los contenidos pueden ser copiados de ficheros locales mediante el m\u00e9todo Load."
    }
  ],
  "id": "CVE-2007-4890",
  "lastModified": "2024-11-21T00:36:38.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-14T01:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26779"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25635"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36571"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://shinnai.altervista.org/exploits/txt/TXT_qwFZc3a35RLy5AGxVBjJ.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36571"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4394"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:06
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka \"GDI+ PNG Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack para Word, Excel, y PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web v2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una fichero de imagen PNG manipulada, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ PNG\""
    }
  ],
  "id": "CVE-2009-3126",
  "lastModified": "2024-11-21T01:06:36.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.843",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6134"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
secure@microsoft.comhttp://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
secure@microsoft.comhttp://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 20h2
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 20h2
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D7DA66-67F6-4B60-AF63-38C3C2C758AB",
              "versionEndIncluding": "16.7",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "861B2F5D-4549-4186-BD88-A5180F4D83DF",
              "versionEndIncluding": "16.9",
              "versionStartIncluding": "16.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de Elevaci\u00f3n de Privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28313, CVE-2021-28322"
    }
  ],
  "id": "CVE-2021-28321",
  "lastModified": "2024-11-21T05:59:28.910",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-04-13T20:15:16.923",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28321"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-06-14 00:15
Modified
2024-11-21 08:04
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Visual Studio Information Disclosure Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update5:*:*:*:*:*:*",
              "matchCriteriaId": "647EBBAA-C731-4954-A62C-2B1AAFB1061C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB877090-2FA4-4E6A-99D1-70375A3AD90E",
              "versionEndExcluding": "15.8",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "979A6A3D-64F8-4099-A00D-16F5BAC2BD79",
              "versionEndExcluding": "15.9.55",
              "versionStartIncluding": "15.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26472C42-CDB4-4176-B10B-3BF26F5030E3",
              "versionEndIncluding": "16.10",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF8A760-E6E1-483D-A955-102A8D82B62C",
              "versionEndExcluding": "16.11.27",
              "versionStartIncluding": "16.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1F98BC-0D82-4AEB-9E1E-D67325E99385",
              "versionEndExcluding": "17.0.22",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B0B496-BC41-4F9D-9A28-AE7664B5C77D",
              "versionEndExcluding": "17.2.16",
              "versionStartIncluding": "17.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC861E65-1682-4E99-8A7B-F4A31DDC0198",
              "versionEndExcluding": "17.4.8",
              "versionStartIncluding": "17.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51DB90D6-C1C4-43B9-8B37-696CB361F37F",
              "versionEndExcluding": "17.6.3",
              "versionStartIncluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Information Disclosure Vulnerability"
    }
  ],
  "id": "CVE-2023-33139",
  "lastModified": "2024-11-21T08:04:58.090",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-14T00:15:12.380",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-11-10 01:19
Modified
2024-11-21 06:27
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277Patch, Vendor Advisory
secure@microsoft.comhttps://www.zerodayinitiative.com/advisories/ZDI-21-1306/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-1306/Third Party Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 20h2
microsoft windows_10 21h1
microsoft windows_10 1607
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_11 -
microsoft windows_11 -
microsoft windows_server_2016 -
microsoft windows_server_2016 20h2
microsoft windows_server_2016 2004
microsoft windows_server_2019 -
microsoft windows_server_2022 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9984FFB-8AFA-438F-B762-B98649B64B23",
              "versionEndIncluding": "16.11",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE4278F-71A7-43E9-8F79-1CBFAE71D730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "B9F64296-66BF-4F1D-A11C-0C44C347E2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5D7F7DDB-440E-42CD-82F4-B2C13F3CC462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Elevaci\u00f3n de Privilegios en Diagnostics Hub Standard Collector"
    }
  ],
  "id": "CVE-2021-42277",
  "lastModified": "2024-11-21T06:27:30.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-11-10T01:19:44.063",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1306/"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-06-14 15:15
Modified
2024-11-21 07:48
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft .net_framework 4.8
microsoft windows_10_1607 -
microsoft windows_10_1607 -
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft windows_server_2016 -
microsoft .net_framework 4.6.2
microsoft .net_framework 4.7
microsoft .net_framework 4.7.1
microsoft .net_framework 4.7.2
microsoft windows_server_2008 r2
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft .net_framework 4.6.2
microsoft windows_server_2008 -
microsoft windows_server_2008 -
microsoft windows_server_2012 -
microsoft windows_server_2012 r2
microsoft .net_framework 3.5
microsoft .net_framework 4.6.2
microsoft windows_10_1507 -
microsoft windows_10_1507 -
microsoft .net_framework 3.5
microsoft .net_framework 4.8.1
microsoft windows_10_1607 -
microsoft windows_10_1607 -
microsoft windows_10_21h2 -
microsoft windows_10_21h2 -
microsoft windows_10_21h2 -
microsoft windows_10_22h2 -
microsoft windows_10_22h2 -
microsoft windows_10_22h2 -
microsoft windows_11_21h2 -
microsoft windows_11_21h2 -
microsoft windows_11_22h2 -
microsoft windows_11_22h2 -
microsoft windows_server_2022 -
microsoft .net_framework 3.5
microsoft .net_framework 4.8
microsoft windows_10_1607 -
microsoft windows_10_1607 -
microsoft windows_10_1809 -
microsoft windows_10_1809 -
microsoft windows_10_21h2 -
microsoft windows_10_21h2 -
microsoft windows_10_21h2 -
microsoft windows_10_22h2 -
microsoft windows_10_22h2 -
microsoft windows_10_22h2 -
microsoft windows_11_21h2 -
microsoft windows_11_21h2 -
microsoft windows_11_22h2 -
microsoft windows_11_22h2 -
microsoft windows_server_2019 -
microsoft windows_server_2022 -
microsoft .net_framework 3.5
microsoft .net_framework 4.7.2
microsoft windows_10_1809 -
microsoft windows_10_1809 -
microsoft windows_server_2019 -
microsoft .net_framework 3.5
microsoft .net_framework 4.6.2
microsoft .net_framework 4.7
microsoft .net_framework 4.7.1
microsoft .net_framework 4.7.2
microsoft windows_10_1607 -
microsoft windows_10_1607 -
microsoft windows_server_2016 -
microsoft .net 6.0.0
microsoft .net 7.0.0
microsoft visual_studio 2015
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
              "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "934D4E46-12C1-41DC-A28C-A2C430E965E4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "61959ACC-B608-4556-92AF-4D94B338907A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3F18AF-84ED-473B-A8DF-65EB23C475AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "8FC46499-DB6E-48BF-9334-85EE27AFE7AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "83A79DD6-E74E-419F-93F1-323B68502633",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "61959ACC-B608-4556-92AF-4D94B338907A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "A9D54EE6-30AF-411C-A285-A4DCB6C6EC06",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "F2D718BD-C4B7-48DB-BE78-B9CA22F27DD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "0C3552E0-F793-4CDD-965D-457495475805",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:arm64:*",
              "matchCriteriaId": "B2D24C54-F04F-4717-B614-FE67B3ED9DC0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "D5EC3F68-8F41-4F6B-B2E5-920322A4A321",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "306B7CE6-8239-4AED-9ED4-4C9F5B349F58",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "345FCD64-D37B-425B-B64C-8B1640B7E850",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E039CE1F-B988-4741-AE2E-5B36E2AF9688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16AD2B0-2189-4E8E-B7FC-CE598CA1CB2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "734112B3-1383-4BE3-8721-C0F84566B764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36B0E40A-84EF-4099-A395-75D6B8CDA196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF7A75E-EE27-4AA7-8D84-9D696728A4CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
              "matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E2C6C0-FD91-40D9-B1A4-C1C348A156C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update5:*:*:*:*:*:*",
              "matchCriteriaId": "647EBBAA-C731-4954-A62C-2B1AAFB1061C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "754856ED-0708-4505-B3CC-C3CF1818DD59",
              "versionEndIncluding": "15.8",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "979A6A3D-64F8-4099-A00D-16F5BAC2BD79",
              "versionEndExcluding": "15.9.55",
              "versionStartIncluding": "15.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26472C42-CDB4-4176-B10B-3BF26F5030E3",
              "versionEndIncluding": "16.10",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFF8A760-E6E1-483D-A955-102A8D82B62C",
              "versionEndExcluding": "16.11.27",
              "versionStartIncluding": "16.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1F98BC-0D82-4AEB-9E1E-D67325E99385",
              "versionEndExcluding": "17.0.22",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B0B496-BC41-4F9D-9A28-AE7664B5C77D",
              "versionEndExcluding": "17.2.16",
              "versionStartIncluding": "17.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC861E65-1682-4E99-8A7B-F4A31DDC0198",
              "versionEndExcluding": "17.4.8",
              "versionStartIncluding": "17.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51DB90D6-C1C4-43B9-8B37-696CB361F37F",
              "versionEndExcluding": "17.6.3",
              "versionStartIncluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
    }
  ],
  "id": "CVE-2023-24897",
  "lastModified": "2024-11-21T07:48:43.800",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-06-14T15:15:09.503",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-01-24 01:28
Modified
2024-11-21 00:25
Severity ?
Summary
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.
References
cve@mitre.orghttp://osvdb.org/31607
cve@mitre.orghttp://secunia.com/advisories/23856Exploit, Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/2172
cve@mitre.orghttp://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cppExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/457646/100/0/threaded
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0296
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/31665
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/31607
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23856Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/2172
af854a3a-2127-422b-91ae-364da2661108http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cppExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/457646/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0296
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/31665
Impacted products
Vendor Product Version
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "BAD33315-8B53-42AB-939D-E02A97DB260D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the \"1 TYPELIB MOVEABLE PURE\" option in an RC file."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en rcdll.dll en msdev.exe de Visual C++ (MSVC) en Microsoft Visual Studio 6.0 SP6 permite a atacantes remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una ruta de fichero larga en la opci\u00f3n \"1 TYPELIB MOVEABLE PURE\" de un fichero RC."
    }
  ],
  "id": "CVE-2007-0468",
  "lastModified": "2024-11-21T00:25:56.470",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-01-24T01:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/31607"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23856"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2172"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457646/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0296"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/31607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2172"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.anspi.pl/~porkythepig/visualization/rc-kupiekrowe.cpp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457646/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31665"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"GDI+ .NET API Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de enteros en las API no especificadas en GDI+ en .NET Framework versi\u00f3n 1.1 SP1, .NET Framework versi\u00f3n 2.0 SP1 y SP2, Windows XP SP2 y SP3, Windows Server 2003 SP2, Vista versi\u00f3n Gold y SP1, Server 2008 versi\u00f3n Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 versi\u00f3n Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 versi\u00f3n Gold, SP1 y SP2, Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 versi\u00f3n Gold y SP1, Works versi\u00f3n 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 y SP3, Report Viewer 2005 SP1, Report Viewer 2008 versi\u00f3n Gold y SP1 y Forefront Client Security versi\u00f3n 1.0, de Microsoft, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de (1) una aplicaci\u00f3n de navegador XAML dise\u00f1ada (XBAP), (2) una aplicaci\u00f3n de ASP.NET dise\u00f1ada o (3) una aplicaci\u00f3n de .NET Framework dise\u00f1ada, tambi\u00e9n se conoce como \"GDI+ .NET API Vulnerability\"."
    }
  ],
  "id": "CVE-2009-2504",
  "lastModified": "2024-11-21T01:05:02.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.437",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6282"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2024-01-09 18:15
Modified
2024-11-21 08:52
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Visual Studio Elevation of Privilege Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *
microsoft visual_studio_2022 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A3FE761-3245-4763-9FC8-FA81B2AFC945",
              "versionEndExcluding": "15.9.59",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAEA929-9BCB-463F-BFD7-E56E9BEB8AB3",
              "versionEndExcluding": "16.11.33",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05D999A1-AB25-4642-8D94-07AD00FEE820",
              "versionEndExcluding": "17.2.23",
              "versionStartIncluding": "17.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1C61FB-CC6B-4D88-8B7F-FFE9D1238A6C",
              "versionEndExcluding": "17.4.15",
              "versionStartIncluding": "17.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CA9C0A3-7D62-40CE-8493-514CB313F72C",
              "versionEndExcluding": "17.6.11",
              "versionStartIncluding": "17.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Visual Studio"
    }
  ],
  "id": "CVE-2024-20656",
  "lastModified": "2024-11-21T08:52:51.190",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-09T18:15:48.490",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 15.9
microsoft visual_studio_2019 16.9
microsoft visual_studio_2019 16.11
microsoft visual_studio_2022 17.0
microsoft visual_studio_2022 17.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6CF9B0-D279-42CD-A84D-48327F44422D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E7DAC9-17EF-40D4-AEEC-C24970B7190F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB70FC91-06DB-4E92-9C0B-6FDE078F911B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35825, CVE-2022-35827"
    }
  ],
  "id": "CVE-2022-35826",
  "lastModified": "2024-11-21T07:11:45.927",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-09T20:15:15.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 15.9
microsoft visual_studio_2019 16.9
microsoft visual_studio_2019 16.11
microsoft visual_studio_2022 17.0
microsoft visual_studio_2022 17.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6CF9B0-D279-42CD-A84D-48327F44422D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E7DAC9-17EF-40D4-AEEC-C24970B7190F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB70FC91-06DB-4E92-9C0B-6FDE078F911B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35825, CVE-2022-35826"
    }
  ],
  "id": "CVE-2022-35827",
  "lastModified": "2024-11-21T07:11:46.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-09T20:15:15.307",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-08-08 23:17
Modified
2024-11-21 00:35
Severity ?
Summary
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method. NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127.
References
cve@mitre.orghttp://osvdb.org/41080
cve@mitre.orghttps://www.exploit-db.com/exploits/4259
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41080
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4259
Impacted products
Vendor Product Version
microsoft visual_database_tools_database_designer 7.0
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_database_tools_database_designer:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A990AFA-608E-445C-9F26-B7B261760F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for Microsoft Visual Studio 6 allows remote attackers to execute arbitrary code via a long argument to the NotSafe method.  NOTE: this may overlap CVE-2007-2885 or CVE-2005-2127."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en un determinado control ActiveX de VDT70.DLL en Microsoft Visual Database Tools Database Designer 7.0 para Microsoft Visual Studio 6 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un argumento largo para el m\u00e9todo NotSafe. NOTA: esto podr\u00eda solaparse con CVE-2007-2885 o CVE-2005-2127."
    }
  ],
  "id": "CVE-2007-4254",
  "lastModified": "2024-11-21T00:35:09.403",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-08T23:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41080"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4259"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-29 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
References
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=126592505426855&w=2
secure@microsoft.comhttp://marc.info/?l=bugtraq&m=126592505426855&w=2
secure@microsoft.comhttp://secunia.com/advisories/35967
secure@microsoft.comhttp://secunia.com/advisories/36374
secure@microsoft.comhttp://secunia.com/advisories/36746
secure@microsoft.comhttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
secure@microsoft.comhttp://www.adobe.com/support/security/bulletins/apsb09-10.html
secure@microsoft.comhttp://www.adobe.com/support/security/bulletins/apsb09-13.html
secure@microsoft.comhttp://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2009/2034
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-10.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-13.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573
Impacted products
Vendor Product Version
microsoft visual_c\+\+ 2005
microsoft visual_c\+\+ 2008
microsoft visual_c\+\+ 2008
microsoft visual_studio 2005
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "FA86F8B2-0211-4FF6-BE07-2E2EC06DFC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "9BA98FBB-255F-4AC9-B035-54C60EEE022B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "B20EDFCC-8C10-4EBF-BCC6-1A17362E6676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\+\\+_tools:*:*:*:*:*",
              "matchCriteriaId": "9E35016A-D55F-4607-8716-77AACB7B166C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka \"ATL Null String Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La Active Template Library (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold y SP1, y Visual C++ 2005 SP1 y 2008 Gold y SP1 no cumple adecuadamente con la terminaci\u00f3n de cadena, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un documentos HTML manipulado con un (1) control o (2) componente ATL que provoca un desbordamiento de lectura de b\u00fafer. Relacionado con la reserva de cabeceras y b\u00fafers ATL. Tambi\u00e9n conocida como \"Vulnerabilidad de cadena nula ATL\"."
    }
  ],
  "id": "CVE-2009-2495",
  "lastModified": "2024-11-21T01:05:00.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-07-29T17:30:01.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2000-02-18 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
References
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011
Impacted products
Vendor Product Version
microsoft ie 4.0
microsoft ie 4.0
microsoft ie 4.1
microsoft ie 4.1
microsoft ie 5
microsoft ie 5.0
microsoft ie 5.0
microsoft internet_explorer 4.0
microsoft visual_studio 6.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_98:*:*:*:*:*",
              "matchCriteriaId": "D0BDA2A8-EBB9-47AB-9DA0-5C24527F7210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:4.0:*:windows_nt:*:*:*:*:*",
              "matchCriteriaId": "077B638C-F14D-4048-86C8-B62517C5182F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_95:*:*:*:*:*",
              "matchCriteriaId": "D45C47A8-8B5F-4A49-8B36-FCBA09029375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:4.1:*:windows_nt_4.0:*:*:*:*:*",
              "matchCriteriaId": "84730D4D-7887-4A64-8C76-F50C85309FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*",
              "matchCriteriaId": "7AAA310C-7DED-40B3-B5EF-80C7407BB01A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*",
              "matchCriteriaId": "0CE25503-0EDA-4AFA-A4B8-36396BB4A4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*",
              "matchCriteriaId": "376DA3A6-FAB8-4B18-B9D9-C176675C7671",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the \"VM File Reading\" vulnerability."
    }
  ],
  "id": "CVE-2000-0162",
  "lastModified": "2024-11-20T23:31:51.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2000-02-18T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 15.9
microsoft visual_studio_2019 16.9
microsoft visual_studio_2019 16.11
microsoft visual_studio_2022 17.0
microsoft visual_studio_2022 17.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6CF9B0-D279-42CD-A84D-48327F44422D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E7DAC9-17EF-40D4-AEEC-C24970B7190F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB70FC91-06DB-4E92-9C0B-6FDE078F911B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35777, CVE-2022-35826, CVE-2022-35827"
    }
  ],
  "id": "CVE-2022-35825",
  "lastModified": "2024-11-21T07:11:45.800",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-09T20:15:15.193",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka \"Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "GDI+ en Microsoft Office XP SP3 no maneja adecuadamente los objetos mal formados en Office Art Property Tables, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento de Office manipulado que provoca una corrupci\u00f3n de memoria, \"tambi\u00e9n conocida como vulnerabilidad de corrupci\u00f3n de memoria\"."
    }
  ],
  "id": "CVE-2009-2528",
  "lastModified": "2024-11-21T01:05:05.200",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.703",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6426"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-08-31 20:00
Modified
2024-11-21 01:18
Severity ?
Summary
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability."
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlMailing List, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/41212Third Party Advisory
cve@mitre.orghttp://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/Broken Link
cve@mitre.orghttp://www.securityfocus.com/bid/42811Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA11-102A.htmlThird Party Advisory, US Government Resource
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025Patch, Vendor Advisory
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457Third Party Advisory
cve@mitre.orghttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190Patch, Vendor Advisory
cve@mitre.orghttps://support.apple.com/HT205221Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.htmlMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41212Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/42811Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA11-102A.htmlThird Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/HT205221Vendor Advisory
Impacted products
Vendor Product Version
apple itunes 12.1.3
microsoft visual_c\+\+ 2005
microsoft visual_c\+\+ 2008
microsoft visual_c\+\+ 2010
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2010
microsoft visual_studio_.net 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:itunes:12.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4354E6D0-5AA8-4F1B-BD3B-1B66ABD062A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "619BEBC1-9B3B-47B6-A0FC-E77084D57784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "F5719E28-6122-4BCA-91B7-E9709DA5A891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2010:sp1:*:*:redistributable_package:*:*:*",
              "matchCriteriaId": "A04EBB20-FC22-4482-861F-774853382E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "4F4DFC93-9533-4893-B634-0551CDE7D252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka \"MFC Insecure Library Loading Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no fiable en Microsoft Foundation Class (MFC) Library en Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1 y 2010; Visual C++ 2005 SP1, 2008 SP1 y 2010 y Exchange Server 2010 Service Pack 3, 2013 y 2013 permite que usuarios locales obtengan privilegios mediante un archivo troyano dwmapi.dll en el directorio de trabajo actual durante la ejecuci\u00f3n de una aplicaci\u00f3n MFC como AtlTraceTool8.exe (tambi\u00e9n conocida como ATL MFC Trace Tool), tal y como queda demostrado con un directorio que contiene archivos TRC, cur, rs, rct o res. Esto tambi\u00e9n se conoce como \"MFC Insecure Library Loading Vulnerability\"."
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\nCWE-426: Untrusted Search Path",
  "evaluatorImpact": "Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per \"This is a remote code execution vulnerability\"",
  "id": "CVE-2010-3190",
  "lastModified": "2024-11-21T01:18:14.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-31T20:00:02.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/42811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA11-102A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12457"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2010-3190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205221"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:07
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "754856ED-0708-4505-B3CC-C3CF1818DD59",
              "versionEndIncluding": "15.8",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FE5FF31-110B-4518-A0B9-E94E2840B492",
              "versionEndIncluding": "16.3",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BFBAC2-C362-457F-90A8-9E56C25694E6",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u003c/p\u003e\n\u003cp\u003eTo exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting how Visual Studio handles objects in memory.\u003c/p\u003e\n"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en Visual Studio cuando maneja inapropiadamente objetos en la memoria, tambi\u00e9n se conoce como \"Visual Studio Remote Code Execution Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-16874"
    }
  ],
  "id": "CVE-2020-16856",
  "lastModified": "2024-11-21T05:07:16.903",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-09-11T17:15:16.857",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-09-14 01:17
Modified
2024-11-21 00:36
Severity ?
Summary
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell.
References
cve@mitre.orghttp://osvdb.org/37106
cve@mitre.orghttp://secunia.com/advisories/26779
cve@mitre.orghttp://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
cve@mitre.orghttp://www.securityfocus.com/bid/25638Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/36572
cve@mitre.orghttps://www.exploit-db.com/exploits/4393
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/37106
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26779
af854a3a-2127-422b-91ae-364da2661108http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25638Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/36572
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/4393
Impacted products
Vendor Product Version
microsoft visual_studio 6.0
microsoft visual_studio 6.0.0.9782


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CDA0E2-DFBD-4EE0-80DC-76AA55ADFEFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:6.0.0.9782:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1DF3FDC-7E70-4385-9DAF-539FAAE77C5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, and (6) CABRunFile methods, which allows remote attackers to execute arbitrary programs and have other impacts, as demonstrated using absolute pathnames in arguments to StartProcess and SyncShell."
    },
    {
      "lang": "es",
      "value": "Un determinado control ActiveX de PDWizard.ocx 6.0.0.9782 y versiones anteriores de Microsoft Visual Studio 6.0 expone m\u00e9todos peligrosos (1) StartProcess, (2) SyncShell, (3) SaveAs, (4) CABDefaultURL, (5) CABFileName, y (6) CABRunFile, lo cual permite a atacantes remotos   ejecutar programas de su elecci\u00f3n y tener otros impactos, como se demuestra utilizando nombre de ruta absoluta en argumentos a StartProcess y SyncShell."
    }
  ],
  "id": "CVE-2007-4891",
  "lastModified": "2024-11-21T00:36:39.090",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-09-14T01:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/37106"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26779"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25638"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/4393"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/37106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26779"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://shinnai.altervista.org/exploits/txt/TXT_AZJ5bXwXvMARqwtfe97I.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/25638"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36572"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/4393"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-13 20:15
Modified
2024-11-21 05:59
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
References
secure@microsoft.comhttp://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
secure@microsoft.comhttp://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Apr/40Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 20h2
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 20h2
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57D7DA66-67F6-4B60-AF63-38C3C2C758AB",
              "versionEndIncluding": "16.7",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "861B2F5D-4549-4186-BD88-A5180F4D83DF",
              "versionEndIncluding": "16.9",
              "versionStartIncluding": "16.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de elevaci\u00f3n de privilegios del Diagnostics Hub Standard Collector Service. Este ID de CVE es diferente de CVE-2021-28321, CVE-2021-28322"
    }
  ],
  "id": "CVE-2021-28313",
  "lastModified": "2024-11-21T05:59:27.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-04-13T20:15:16.453",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162251/Microsoft-DiagHub-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28313"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-05-16 19:29
Modified
2024-11-21 04:17
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 15.0
microsoft visual_studio_2017 15.9
microsoft visual_studio_2019 16.0
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1703
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A58739-CD5F-45F6-BDA3-14069413B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "6290EF90-AB91-4990-8D44-4F64F49AE133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3886D126-9ADC-4AAF-8169-70F3DE3A7773",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEE2E768-0F45-46E1-B6D7-087917109D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka \u0027Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability\u0027."
    },
    {
      "lang": "es",
      "value": "Hay una vulnerabilidad de elevaci\u00f3n de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector permite la eliminaci\u00f3n de archivos en ubicaciones arbitrarias. Para aprovechar la vulnerabilidad, un atacante primero tendr\u00eda que iniciar sesi\u00f3n en el sistema, conocido como \u0027Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability\u0027."
    }
  ],
  "id": "CVE-2019-0727",
  "lastModified": "2024-11-21T04:17:10.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-05-16T19:29:00.537",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0727"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1293"
    }
  ],
  "id": "CVE-2020-1278",
  "lastModified": "2024-11-21T05:10:08.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T20:15:18.257",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1278"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2014-05-20 23:55
Modified
2024-11-21 02:08
Severity ?
Summary
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
References
cve@mitre.orghttp://www.securityfocus.com/bid/67398Third Party Advisory, VDB Entry
cve@mitre.orghttp://zerodayinitiative.com/advisories/ZDI-14-129/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/67398Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-14-129/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
microsoft debug_interface_access_software_development_kit -
microsoft visual_studio *
microsoft visual_studio 2002
microsoft visual_studio 2003
microsoft visual_studio 2005
microsoft visual_studio 2010
microsoft visual_studio 2010


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:debug_interface_access_software_development_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8D8D4D-3E1A-4C3E-93BD-B8B7C38C7D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD71DE0A-180E-4FDC-AD7A-E5E6432E79E4",
              "versionEndIncluding": "2012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "2932E484-D529-49E0-A929-7099C389E990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "218BBF55-83D9-46D3-8650-42F370B8AE5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9D526CD-0FD2-4510-901D-ACE418FEC8A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file."
    },
    {
      "lang": "es",
      "value": "msdia.dll en Microsoft Debug Interface Access (DIA) SDK, distribuido en Microsoft Visual Studio anterior a 2013, no valida debidamente una variable no especificada antes de utilizarla para calcular una direcci\u00f3n de llamada din\u00e1mica, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un archivo PDB manipulado."
    }
  ],
  "id": "CVE-2014-3802",
  "lastModified": "2024-11-21T02:08:52.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-05-20T23:55:05.277",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67398"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-14-129/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/67398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://zerodayinitiative.com/advisories/ZDI-14-129/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-11 17:15
Modified
2024-11-21 05:09
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D24A94DC-945C-42E3-91FD-CB0B541D8C51",
              "versionEndExcluding": "15.9.27",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E37F70-BFA4-40AF-AFB5-E0771CD1426E",
              "versionEndExcluding": "16.4.13",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "774D798B-0012-4174-AB23-514260463404",
              "versionEndExcluding": "16.7.3",
              "versionStartIncluding": "16.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\u003cp\u003eAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.\u003c/p\u003e\n\u003cp\u003eAn attacker could exploit this vulnerability by running a specially crafted application on the victim system.\u003c/p\u003e\n\u003cp\u003eThe update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.\u003c/p\u003e\n"
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de escalada de privilegios cuando el Diagnostics Hub Standard Collector maneja inapropiadamente las operaciones de archivos, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\".\u0026#xa0;Este ID de CVE es diferente de CVE-2020-1130"
    }
  ],
  "id": "CVE-2020-1133",
  "lastModified": "2024-11-21T05:09:48.937",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-09-11T17:15:19.090",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1133"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-10-14 10:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
References
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967
Impacted products
Vendor Product Version
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_2003_server *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_server_2008 *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_vista *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_xp *
microsoft windows_2000 *
microsoft .net_framework 1.1
microsoft .net_framework 2.0
microsoft .net_framework 2.0
microsoft internet_explorer 6
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server 2005
microsoft sql_server_reporting_services 2000
microsoft excel_viewer 2003
microsoft excel_viewer 2003
microsoft expression_web *
microsoft expression_web 2
microsoft office 2003
microsoft office 2007
microsoft office 2007
microsoft office xp
microsoft office_compatibility_pack 2007
microsoft office_compatibility_pack 2007
microsoft office_excel_viewer *
microsoft office_groove 2007
microsoft office_groove 2007
microsoft office_powerpoint_viewer *
microsoft office_powerpoint_viewer 2007
microsoft office_powerpoint_viewer 2007
microsoft office_word_viewer *
microsoft project 2002
microsoft visio 2002
microsoft word_viewer 2003
microsoft word_viewer 2003
microsoft works 8.5
microsoft platform_sdk *
microsoft report_viewer 2005
microsoft report_viewer 2008
microsoft report_viewer 2008
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003
microsoft visual_studio_.net 2005
microsoft forefront_client_security 1.0
microsoft visual_foxpro 8.0
microsoft visual_foxpro 9.0
microsoft windows_2000 *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "2978BF86-5A1A-438E-B81F-F360D0E30C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EFB032-47F4-4497-B16B-CB9126EAC9DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "7F6EA111-A4E6-4963-A0C8-F9336C605B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*",
              "matchCriteriaId": "9CFB1A97-8042-4497-A45D-C014B5E240AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "7F9C7616-658D-409D-8B53-AC00DC55602A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*",
              "matchCriteriaId": "1DD1D5ED-FE7C-4ADF-B3AF-1F13E51B4FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C162FFF0-1E8F-4DCF-A08F-6C6E324ED878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
              "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "0BF6AE15-EAC3-4100-A742-211026C79CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F97EB992-2DC1-4E31-A298-072D8313130B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "42A6DF09-B8E1-414D-97E7-453566055279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "D47247A3-7CD7-4D67-9D9B-A94A504DA1BE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "26423C70-4475-4D7E-8CC0-D8CFADE16B26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:itanium:*:*:*:*:*",
              "matchCriteriaId": "F7EF6C51-17EA-43E4-84BA-08CE705C2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp2:x64:*:*:*:*:*",
              "matchCriteriaId": "7ADB520B-B847-4855-95B1-6CEA36D66C07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "93B86335-EF14-4E4F-B192-2A5323A47D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:itanium:*:*:*:*:*",
              "matchCriteriaId": "AA80EDC4-4E84-40BE-86D5-1825AFA85390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server:2005:sp3:x64:*:*:*:*:*",
              "matchCriteriaId": "0F3BF09C-04D2-4367-BE58-72AD396B4110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:sql_server_reporting_services:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "377777D4-0649-4732-9E38-E4074056C561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "AE2F0B8B-0600-4324-93A9-07DBE97E1BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2876FC23-21A0-4F56-B0D9-11187173F7D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:expression_web:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6761A1C-EC1C-4B00-8126-D58DAB51267A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "69E6B9EB-D3F7-4C57-BF2F-61664E5C2C7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "08AF794A-435D-4171-9DBB-EB7FAED96DBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
              "matchCriteriaId": "34FA62BE-D804-402D-9BDD-68BC70ECCD76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C5C94F2C-786B-45E4-B80A-FC668D917014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_compatibility_pack:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "A4B44889-AEEB-4713-A047-C27B802DB257",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_excel_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A2613CE-C469-43AE-A590-87CE1FAADA8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:*:*:*:*:*:*:*",
              "matchCriteriaId": "828A3CB6-EB0A-4CCD-B786-7316564EE40A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_groove:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F646992A-D3B7-4474-8E0B-65B99086D844",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70B39422-2E91-4F2C-8338-8A9292956260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C3119-B118-41E2-9622-FD40C6CC4B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_powerpoint_viewer:2007:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B55849C3-649E-487B-B702-E2F4B25ECAB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office_word_viewer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E647A7B3-7A92-4584-BDA7-81752FF59411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9B14AE8E-1BFF-4458-87CC-357957F18F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D0D2C5C3-225C-49DC-B9C7-C5BC05900F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "1889A686-9565-4958-99BB-2EC24ABDF272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:word_viewer:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "5D7B01AE-F457-45C1-8A37-7ED65CAF8638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:works:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83EE0CCD-69AD-4705-9BB0-24688F7957F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:platform_sdk:*:*:redistrutable_gdi\\+:*:*:*:*:*",
              "matchCriteriaId": "5E9AC6E2-D6C2-48E1-87C5-86470AC622DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2005:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "86B3074F-1673-4439-8582-F2786D0ED54D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:*:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "28A57C4D-A305-4FF4-B9AC-853CAF7E30AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:report_viewer:2008:sp1:redistributable_package:*:*:*:*:*",
              "matchCriteriaId": "16FD5898-64D7-4F4F-A4C5-5E7BDF340E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "F40C30AF-7D70-4FE8-B7D1-F4734F791664",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:forefront_client_security:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "578221F3-4C20-4A3F-A286-5A4680E8785D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:8.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E5DE8B76-FA09-4EA2-9535-758C56C4C099",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_foxpro:9.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "5E711CC3-9094-4C54-A794-9C7A3E7F4AFA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka \"GDI+ WMF Integer Overflow Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en GDI+ en Microsoft Internet Explorer v6 SP1, Windows XP SP2 y SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 y SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold y SP3, Office Excel Viewer 2003 Gold y SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, y SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 y SP2, Expression Web, Expression Web 2, Groove 2007 Gold y SP1, Works v8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold y SP1, y Forefront Client Security v1.0 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de imagen WMF, tambi\u00e9n conocido como \"Vulnerabilidad de desbordamiento de entero GDI+ WMF\""
    }
  ],
  "id": "CVE-2009-2500",
  "lastModified": "2024-11-21T01:05:01.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-10-14T10:30:01.327",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5967"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-12 01:29
Modified
2024-11-21 03:59
Severity ?
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
References
secure@microsoft.comhttp://www.securityfocus.com/bid/103715Third Party Advisory, VDB Entry
secure@microsoft.comhttp://www.securitytracker.com/id/1040664Third Party Advisory, VDB Entry
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103715Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040664Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2010
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio 2017
microsoft visual_studio_2017 15.6.6
microsoft visual_studio_2017 15.7


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update5:*:*:*:*:*:*",
              "matchCriteriaId": "552ECB0E-21C4-4513-B410-6B91DB554FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update5:*:*:*:*:*:*",
              "matchCriteriaId": "6D17A077-7D51-459B-8BC6-6F6DE055A714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2017:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5DB2D78-534E-49B5-B460-41049F7238BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F340A138-F4E2-438C-8FEE-BEE1408D09AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:15.7:*:preview:*:*:*:*:*",
              "matchCriteriaId": "0A7C2BD8-E17D-4B0D-846A-7A6B01F78BA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka \"Microsoft Visual Studio Information Disclosure Vulnerability.\" This affects Microsoft Visual Studio."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando Visual Studio muestra incorrectamente contenidos limitados de memoria no inicializada cuando se compilan archivos PDB (Program Database). Esto tambi\u00e9n se conoce como \"Microsoft Visual Studio Information Disclosure Vulnerability\". Esto afecta a Microsoft Visual Studio."
    }
  ],
  "id": "CVE-2018-1037",
  "lastModified": "2024-11-21T03:59:02.330",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-12T01:29:10.423",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103715"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040664"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1037"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-908"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-08-09 20:15
Modified
2024-11-21 07:11
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Visual Studio Remote Code Execution Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777
af854a3a-2127-422b-91ae-364da2661108https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777
Impacted products
Vendor Product Version
microsoft visual_studio 2012
microsoft visual_studio 2013
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2022 17.0
microsoft visual_studio_2022 17.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "28CC44DA-DF23-400D-9299-7DF3EECD89E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "4A820094-4660-4CFA-BAF1-ED4DBF45AD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9984FFB-8AFA-438F-B762-B98649B64B23",
              "versionEndIncluding": "16.11",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3393F97F-05CD-4B04-A6E1-3D914652C4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB70FC91-06DB-4E92-9C0B-6FDE078F911B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Visual Studio Remote Code Execution Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en Visual Studio. Este ID de CVE es diferente de CVE-2022-35825, CVE-2022-35826, CVE-2022-35827"
    }
  ],
  "id": "CVE-2022-35777",
  "lastModified": "2024-11-21T07:11:39.990",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-08-09T20:15:12.703",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:10
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka \u0027Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando el Diagnostics Hub Standard Collector Service maneja inapropiadamente las operaciones de archivo, tambi\u00e9n se conoce como \"Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1257, CVE-2020-1278"
    }
  ],
  "id": "CVE-2020-1293",
  "lastModified": "2024-11-21T05:10:10.917",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T20:15:19.303",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1293"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-07-29 17:30
Modified
2024-11-21 01:01
Severity ?
Summary
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka "ATL Uninitialized Object Vulnerability."
References
cve@mitre.orghttp://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
cve@mitre.orghttp://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=126592505426855&w=2
cve@mitre.orghttp://secunia.com/advisories/35967
cve@mitre.orghttp://secunia.com/advisories/36187
cve@mitre.orghttp://secunia.com/advisories/36374
cve@mitre.orghttp://secunia.com/advisories/36746
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
cve@mitre.orghttp://www.adobe.com/support/security/advisories/apsa09-04.htmlPatch
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-10.html
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-11.htmlPatch
cve@mitre.orghttp://www.adobe.com/support/security/bulletins/apsb09-13.html
cve@mitre.orghttp://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
cve@mitre.orghttp://www.securityfocus.com/bid/35832Patch
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-223A.htmlUS Government Resource
cve@mitre.orghttp://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2034
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2232
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
af854a3a-2127-422b-91ae-364da2661108http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=126592505426855&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/35967
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36187
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36374
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36746
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/advisories/apsa09-04.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-10.html
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-11.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.adobe.com/support/security/bulletins/apsb09-13.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/support/viewContent.do?externalId=7004997&sliceId=1
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/35832Patch
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-195A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-223A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA09-286A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2034
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2232
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581
Impacted products
Vendor Product Version
microsoft visual_c\+\+ 2005
microsoft visual_c\+\+ 2008
microsoft visual_c\+\+ 2008
microsoft visual_studio 2005
microsoft visual_studio 2005
microsoft visual_studio 2008
microsoft visual_studio 2008
microsoft visual_studio_.net 2003


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2005:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "FA86F8B2-0211-4FF6-BE07-2E2EC06DFC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "9BA98FBB-255F-4AC9-B035-54C60EEE022B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_c\\+\\+:2008:sp1_redistribution_pkg:*:*:*:*:*:*",
              "matchCriteriaId": "B20EDFCC-8C10-4EBF-BCC6-1A17362E6676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9271AF1C-9B1C-4ADB-9F54-E63EBA2910F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2005:sp1:64_bit_hosted_visual_c\\+\\+_tools:*:*:*:*:*",
              "matchCriteriaId": "9E35016A-D55F-4607-8716-77AACB7B166C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED077FFC-EBCC-4CD9-BF0E-0286B99C1965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "85959AEB-2FE5-4A25-B298-F8223CE260D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not prevent VariantClear calls on an uninitialized VARIANT, which allows remote attackers to execute arbitrary code via a malformed stream to an ATL (1) component or (2) control, related to ATL headers and error handling, aka \"ATL Uninitialized Object Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "La Active Template Library  (ATL) en Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 y 2008 Gold, y Visual C++ 2005 SP1 y 2008 Gold y SP1, no previene las llamadas VariantClear sobre una VARIAN sin inicializar, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un (1) componente o (2) control ATL. Relacionado con las cabeceras ATL y manejo de errores. Tambi\u00e9n conocida como \"Vulnerabilidad de objeto ATL sin inicializar\"."
    }
  ],
  "evaluatorImpact": "Please refer to this link http://www.microsoft.com/technet/security/Bulletin/MS09-035.mspx for mitigating factors and additional information.",
  "id": "CVE-2009-0901",
  "lastModified": "2024-11-21T01:01:11.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-07-29T17:30:00.953",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=126592505426855\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36374"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/36746"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/advisories/apsa09-04.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb09-13.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/viewContent.do?externalId=7004997\u0026sliceId=1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/35832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/2232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-09 20:15
Modified
2024-11-21 05:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
References
secure@microsoft.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202Patch, Vendor Advisory
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft windows_10 -
microsoft windows_10 1607
microsoft windows_10 1709
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1903
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 1803
microsoft windows_server_2016 1903
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "718C39FC-A564-4CE4-B88F-C9D7108764DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE03B37D-72FE-4C25-BE62-9C422AEFC80E",
              "versionEndIncluding": "15.9",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B6534A-CCBC-4576-85A1-FAE04DC2ACFB",
              "versionEndIncluding": "16.6",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B14968-3985-43C3-ACE5-8307196EFAE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FB5CDAE-C713-4D9D-9D6A-2C2E8924A4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAACE735-003E-4ACB-A82E-C0CF97D7F013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B921FDB-8E7D-427E-82BE-4432585080CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka \u0027Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\u0027. This CVE ID is unique from CVE-2020-1203."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de elevaci\u00f3n de privilegios cuando Diagnostics Hub Standard Collector o Visual Studio Standard Collector presenta un fallo al manejar apropiadamente objetos en memoria, tambi\u00e9n se conoce como \"Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability\". Este ID de CVE es diferente de CVE-2020-1203"
    }
  ],
  "id": "CVE-2020-1202",
  "lastModified": "2024-11-21T05:09:58.110",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T20:15:13.663",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1202"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-12 20:15
Modified
2024-11-21 05:44
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680
Impacted products
Vendor Product Version
microsoft visual_studio 2015
microsoft visual_studio_2017 *
microsoft visual_studio_2019 *
microsoft visual_studio_2019 16.8
microsoft windows_10 -
microsoft windows_10 20h2
microsoft windows_10 1607
microsoft windows_10 1803
microsoft windows_10 1809
microsoft windows_10 1909
microsoft windows_10 2004
microsoft windows_server_2016 -
microsoft windows_server_2016 20h2
microsoft windows_server_2016 1909
microsoft windows_server_2016 2004
microsoft windows_server_2019 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*",
              "matchCriteriaId": "62FE95C2-066B-491D-82BF-3EF173822B2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "754856ED-0708-4505-B3CC-C3CF1818DD59",
              "versionEndIncluding": "15.8",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB2C7A8D-85BA-4BA5-868B-AABEBCCBCDE5",
              "versionEndIncluding": "16.7.0",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:16.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE9B863-01E5-486C-8B9D-6DC0F78222A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*",
              "matchCriteriaId": "E01A4CCA-4C43-46E0-90E6-3E4DBFBACD64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
              "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios del Diagnostics Hub Standard Collector. Este ID de CVE es diferente de CVE-2021-1651"
    }
  ],
  "id": "CVE-2021-1680",
  "lastModified": "2024-11-21T05:44:52.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-01-12T20:15:32.637",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1680"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}