Search

Find a vulnerability

Search criteria

    80 vulnerabilities found for Microsoft Visual Studio 2022 version 17.0 by Microsoft

    CVE-2023-33170 (GCVE-0-2023-33170)

    Vulnerability from nvd – Published: 2023-07-11 17:03 – Updated: 2026-05-28 17:49
    VLAI
    Title
    ASP.NET and Visual Studio Security Feature Bypass Vulnerability
    Summary
    ASP.NET and Visual Studio Security Feature Bypass Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33170",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T16:24:03.916831Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T17:49:42.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.17",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.23",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.9",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.5",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.20",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.17",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.23",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.9",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.5",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.20",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.9",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:52:48.640Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
            }
          ],
          "title": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33170",
        "datePublished": "2023-07-11T17:03:13.113Z",
        "dateReserved": "2023-05-17T21:16:44.903Z",
        "dateUpdated": "2026-05-28T17:49:42.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33127 (GCVE-0-2023-33127)

    Vulnerability from nvd – Published: 2023-07-11 17:03 – Updated: 2026-05-28 17:50
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T16:27:46.690143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T17:50:14.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.20",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.23",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.17",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.9",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.5",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.6",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.20",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.9",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.23",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.17",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.9",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.5",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.13",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.6",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:51:49.527Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33127",
        "datePublished": "2023-07-11T17:03:05.826Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2026-05-28T17:50:14.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-29331 (GCVE-0-2023-29331)

    Vulnerability from nvd – Published: 2023-06-14 14:52 – Updated: 2025-02-28 21:09
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:14.590937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:09:08.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2016",
                "Windows Server 2012 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022 (Server Core installation)",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:49.030Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29331",
        "datePublished": "2023-06-14T14:52:19.830Z",
        "dateReserved": "2023-04-04T22:34:18.378Z",
        "dateUpdated": "2025-02-28T21:09:08.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24936 (GCVE-0-2023-24936)

    Vulnerability from nvd – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T14:48:19.526051Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:21:22.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2",
                "Windows Server 2016"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2019",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 R2",
                "Windows Server 2012",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:33.488Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24936",
        "datePublished": "2023-06-14T14:52:19.301Z",
        "dateReserved": "2023-01-31T20:37:47.257Z",
        "dateUpdated": "2025-01-01T01:43:33.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24897 (GCVE-0-2023-24897)

    Vulnerability from nvd – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Affected: 15.9.0 , < 15.9.55 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.27 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2013 Update 5 Affected: 12.0.0 , < 12.0.40700.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2015 Update 3 Affected: 14.0.0 , < 14.0.27555.0 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T19:43:18.398305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T19:43:32.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.55",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.27",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2013 Update 5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.40700.0",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27555.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows 10 Version 1809 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2012",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.55",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.27",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.40700.0",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27555.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:32.304Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24897",
        "datePublished": "2023-06-14T14:52:10.089Z",
        "dateReserved": "2023-01-31T20:32:35.472Z",
        "dateUpdated": "2025-01-01T01:43:32.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24895 (GCVE-0-2023-24895)

    Vulnerability from nvd – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:58:02.929435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:58:08.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:42.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2016",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:32.903Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24895",
        "datePublished": "2023-06-14T14:52:18.749Z",
        "dateReserved": "2023-01-31T20:32:35.471Z",
        "dateUpdated": "2025-01-01T01:43:32.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33139 (GCVE-0-2023-33139)

    Vulnerability from nvd – Published: 2023-06-13 23:25 – Updated: 2025-01-01 01:43
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Visual Studio Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T16:39:22.157046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T16:39:30.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.55",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.27",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2013 Update 5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.40702.0",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27554.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.55",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.27",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.40702.0",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27554.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:39.771Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33139",
        "datePublished": "2023-06-13T23:25:55.404Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-01-01T01:43:39.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33135 (GCVE-0-2023-33135)

    Vulnerability from nvd – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:58:48.967130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:59:00.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:15.801Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33135",
        "datePublished": "2023-06-13T23:26:26.390Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-01-01T01:44:15.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33128 (GCVE-0-2023-33128)

    Vulnerability from nvd – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:18:33.333686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T14:18:51.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:12.674Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33128",
        "datePublished": "2023-06-13T23:26:22.949Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2025-01-01T01:44:12.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33126 (GCVE-0-2023-33126)

    Vulnerability from nvd – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:17:17.554630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T14:17:47.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:12.050Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33126",
        "datePublished": "2023-06-13T23:26:22.404Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2025-01-01T01:44:12.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32032 (GCVE-0-2023-32032)

    Vulnerability from nvd – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32032",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T20:01:37.888322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T20:01:48.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:11.443Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32032",
        "datePublished": "2023-06-13T23:26:21.832Z",
        "dateReserved": "2023-05-01T15:34:52.133Z",
        "dateUpdated": "2025-01-01T01:44:11.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28299 (GCVE-0-2023-28299)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Spoofing Vulnerability
    Summary
    Visual Studio Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:23.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.54",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.54",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:20.556Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
            }
          ],
          "title": "Visual Studio Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28299",
        "datePublished": "2023-04-11T19:13:59.381Z",
        "dateReserved": "2023-03-13T22:23:36.189Z",
        "dateUpdated": "2025-01-23T01:05:20.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28296 (GCVE-0-2023-28296)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Visual Studio Remote Code Execution Vulnerability
    CWE
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.54",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.54",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415: Double Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:20.136Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28296",
        "datePublished": "2023-04-11T19:13:58.852Z",
        "dateReserved": "2023-03-13T22:23:36.188Z",
        "dateUpdated": "2025-01-23T01:05:20.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28263 (GCVE-0-2023-28263)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Visual Studio Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T15:43:42.993245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T15:43:49.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170: Improper Null Termination",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:18.837Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28263",
        "datePublished": "2023-04-11T19:13:57.714Z",
        "dateReserved": "2023-03-13T22:18:32.393Z",
        "dateUpdated": "2025-01-23T01:05:18.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28262 (GCVE-0-2023-28262)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Elevation of Privilege Vulnerability
    Summary
    Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.747Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28262",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-07T15:40:10.106998Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-07T15:40:19.632Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:18.042Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28262"
            }
          ],
          "title": "Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28262",
        "datePublished": "2023-04-11T19:13:57.191Z",
        "dateReserved": "2023-03-13T22:18:32.393Z",
        "dateUpdated": "2025-01-23T01:05:18.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28260 (GCVE-0-2023-28260)

    Vulnerability from nvd – Published: 2023-04-11 19:13 – Updated: 2026-05-28 18:13
    VLAI
    Title
    .NET DLL Hijacking Remote Code Execution Vulnerability
    Summary
    .NET DLL Hijacking Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET DLL Hijacking Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T18:19:25.437289Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T18:13:55.892Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.16",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.5",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.4",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.11",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.16",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.5",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.4",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.11",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET DLL Hijacking Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:17.536Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET DLL Hijacking Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28260"
            }
          ],
          "title": ".NET DLL Hijacking Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28260",
        "datePublished": "2023-04-11T19:13:56.662Z",
        "dateReserved": "2023-03-13T22:18:32.391Z",
        "dateUpdated": "2026-05-28T18:13:55.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33170 (GCVE-0-2023-33170)

    Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2026-05-28 17:49
    VLAI
    Title
    ASP.NET and Visual Studio Security Feature Bypass Vulnerability
    Summary
    ASP.NET and Visual Studio Security Feature Bypass Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVZVMMCCBBCSCPAW2CRQGOTKIHVFCMRO/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TLWNIIA2I6YCYVCXYBPBRSZ3UH6KILTG/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3VJRGNYJXGPF5LXUG3NL45QPK2UU6PL/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5CFOR6ID2HP45E7ZOGQNX76FPIWP7XR/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33170",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-03T16:24:03.916831Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T17:49:42.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.17",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.23",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.9",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.5",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.20",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.17",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.23",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.9",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.5",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.20",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.9",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:52:48.640Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33170"
            }
          ],
          "title": "ASP.NET and Visual Studio Security Feature Bypass Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33170",
        "datePublished": "2023-07-11T17:03:13.113Z",
        "dateReserved": "2023-05-17T21:16:44.903Z",
        "dateUpdated": "2026-05-28T17:49:42.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-33127 (GCVE-0-2023-33127)

    Vulnerability from cvelistv5 – Published: 2023-07-11 17:03 – Updated: 2026-05-28 17:50
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1220 - Insufficient Granularity of Access Control
    Assigner
    References
    Date Public
    2023-07-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33127",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-14T16:27:46.690143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T17:50:14.950Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.20",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.9",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.23",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.17",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.9",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.5",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.13",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.6",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.20",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.9",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.23",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.17",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.9",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.5",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.13",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.6",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1220",
                  "description": "CWE-1220: Insufficient Granularity of Access Control",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:51:49.527Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33127"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33127",
        "datePublished": "2023-07-11T17:03:05.826Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2026-05-28T17:50:14.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-29331 (GCVE-0-2023-29331)

    Vulnerability from cvelistv5 – Published: 2023-06-14 14:52 – Updated: 2025-02-28 21:09
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:07:45.647Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-29331",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T20:20:14.590937Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T21:09:08.560Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2016",
                "Windows Server 2012 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022 (Server Core installation)",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:49.030Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-29331",
        "datePublished": "2023-06-14T14:52:19.830Z",
        "dateReserved": "2023-04-04T22:34:18.378Z",
        "dateUpdated": "2025-02-28T21:09:08.560Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24936 (GCVE-0-2023-24936)

    Vulnerability from cvelistv5 – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24936",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-29T14:48:19.526051Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:21:22.183Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.705Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2",
                "Windows Server 2016"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows Server 2019",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 R2",
                "Windows Server 2012",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2022",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for 32-bit Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:33.488Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24936",
        "datePublished": "2023-06-14T14:52:19.301Z",
        "dateReserved": "2023-01-31T20:37:47.257Z",
        "dateUpdated": "2025-01-01T01:43:33.488Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24895 (GCVE-0-2023-24895)

    Vulnerability from cvelistv5 – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.3 Affected: 7.3.0 , < 7.3.5 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 2.0 Service Pack 2 Affected: 2.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.0 Service Pack 2 Affected: 3.0.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5.1 Affected: 3.5.0 , < 3.0.6920.8954; 2.0.50727.8970 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24895",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:58:02.929435Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:58:08.964Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:42.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2016",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019",
                "Windows Server 2022 (Server Core installation)",
                "Windows Server 2019 (Server Core installation)",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows Server 2022",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 2.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2"
              ],
              "product": "Microsoft .NET Framework 3.0 Service Pack 2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "3.0.6920.8954; 2.0.50727.8970",
                  "status": "affected",
                  "version": "3.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "3.0.6920.8954; 2.0.50727.8970",
                      "versionStartIncluding": "3.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:32.903Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24895",
        "datePublished": "2023-06-14T14:52:18.749Z",
        "dateReserved": "2023-01-31T20:32:35.471Z",
        "dateUpdated": "2025-01-01T01:43:32.903Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-24897 (GCVE-0-2023-24897)

    Vulnerability from cvelistv5 – Published: 2023-06-14 14:52 – Updated: 2025-01-01 01:43
    VLAI
    Title
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Affected: 15.9.0 , < 15.9.55 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.2 Affected: 17.2.0 , < 17.2.16 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Affected: 16.11.0 , < 16.11.27 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.0 Affected: 17.0.0 , < 17.0.22 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.4 Affected: 17.4.0 , < 17.4.8 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2013 Update 5 Affected: 12.0.0 , < 12.0.40700.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2015 Update 3 Affected: 14.0.0 , < 14.0.27555.0 (custom)
    Create a notification for this product.
    Microsoft .NET 7.0 Affected: 7.0.0 , < 7.0.7 (custom)
    Create a notification for this product.
    Microsoft .NET 6.0 Affected: 6.0.0 , < 6.0.18 (custom)
    Create a notification for this product.
    Microsoft Microsoft Visual Studio 2022 version 17.6 Affected: 17.6.0 , < 17.6.3 (custom)
    Create a notification for this product.
    Microsoft PowerShell 7.2 Affected: 7.2.0 , < 7.2.12 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.8 Affected: 4.8.0 , < 4.8.4644.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.7.2 Affected: 4.7.0 , < 4.7.4050.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Affected: 3.0.0.0 , < 10.0.14393.5989 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 AND 4.8.1 Affected: 4.8.1 , < 4.8.9166.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 4.6.2 Affected: 4.7.0 , < 4.7.04043.0 (custom)
    Create a notification for this product.
    Microsoft Microsoft .NET Framework 3.5 and 4.6.2 Affected: 4.7.0 , < 10.0.10240.19983 (custom)
    Create a notification for this product.
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:11:43.453Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-24897",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T19:43:18.398305Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T19:43:32.943Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.55",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.27",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2013 Update 5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.40700.0",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27555.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows Server 2019 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows 10 Version 1809 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows 10 Version 1607 for 32-bit Systems",
                "Windows Server 2012",
                "Windows Server 2016",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2012 R2 (Server Core installation)",
                "Windows Server 2012 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.8",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.4644.0",
                  "status": "affected",
                  "version": "4.8.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 Version 1809 for 32-bit Systems",
                "Windows 10 Version 1809 for x64-based Systems",
                "Windows 10 Version 1809 for ARM64-based Systems",
                "Windows Server 2019",
                "Windows Server 2019 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.4050.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2016",
                "Windows 10 Version 1607 for x64-based Systems",
                "Windows Server 2016 (Server Core installation)",
                "Windows 10 Version 1607 for 32-bit Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.14393.5989",
                  "status": "affected",
                  "version": "3.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
                "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
                "Windows Server 2012",
                "Windows Server 2012 (Server Core installation)",
                "Windows Server 2012 R2",
                "Windows Server 2012 R2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2022",
                "Windows Server 2022 (Server Core installation)",
                "Windows 11 version 21H2 for x64-based Systems",
                "Windows 10 Version 21H2 for 32-bit Systems",
                "Windows 10 Version 21H2 for ARM64-based Systems",
                "Windows 11 version 21H2 for ARM64-based Systems",
                "Windows 10 Version 21H2 for x64-based Systems",
                "Windows 11 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for x64-based Systems",
                "Windows 10 Version 22H2 for 32-bit Systems",
                "Windows 11 Version 22H2 for ARM64-based Systems",
                "Windows 10 Version 22H2 for ARM64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.8.9166.0",
                  "status": "affected",
                  "version": "4.8.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
                "Windows Server 2008 for 32-bit Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2",
                "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
              ],
              "product": "Microsoft .NET Framework 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "4.7.04043.0",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Windows 10 for 32-bit Systems",
                "Windows 10 for x64-based Systems"
              ],
              "product": "Microsoft .NET Framework 3.5 and 4.6.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "10.0.10240.19983",
                  "status": "affected",
                  "version": "4.7.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.55",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.27",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.40700.0",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27555.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.4644.0",
                      "versionStartIncluding": "4.8.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.4050.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.14393.5989",
                      "versionStartIncluding": "3.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.8.9166.0",
                      "versionStartIncluding": "4.8.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "4.7.04043.0",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "10.0.10240.19983",
                      "versionStartIncluding": "4.7.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122: Heap-based Buffer Overflow",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:32.304Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897"
            }
          ],
          "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-24897",
        "datePublished": "2023-06-14T14:52:10.089Z",
        "dateReserved": "2023-01-31T20:32:35.472Z",
        "dateUpdated": "2025-01-01T01:43:32.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33135 (GCVE-0-2023-33135)

    Vulnerability from cvelistv5 – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Elevation of Privilege
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33135",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T14:58:48.967130Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T14:59:00.865Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:15.801Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33135",
        "datePublished": "2023-06-13T23:26:26.390Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-01-01T01:44:15.801Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33128 (GCVE-0-2023-33128)

    Vulnerability from cvelistv5 – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33128",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:18:33.333686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T14:18:51.143Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416: Use After Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:12.674Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33128",
        "datePublished": "2023-06-13T23:26:22.949Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2025-01-01T01:44:12.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33126 (GCVE-0-2023-33126)

    Vulnerability from cvelistv5 – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Remote Code Execution Vulnerability
    Summary
    .NET and Visual Studio Remote Code Execution Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Remote Code Execution
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33126",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-08T14:17:17.554630Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-08T14:17:47.264Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 6.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "6.0.18",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.2.12",
                  "status": "affected",
                  "version": "7.2.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "6.0.18",
                      "versionStartIncluding": "6.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.2.12",
                      "versionStartIncluding": "7.2.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:12.050Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126"
            }
          ],
          "title": ".NET and Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33126",
        "datePublished": "2023-06-13T23:26:22.404Z",
        "dateReserved": "2023-05-17T21:16:44.895Z",
        "dateUpdated": "2025-01-01T01:44:12.050Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-32032 (GCVE-0-2023-32032)

    Vulnerability from cvelistv5 – Published: 2023-06-13 23:26 – Updated: 2025-01-01 01:44
    VLAI
    Title
    .NET and Visual Studio Elevation of Privilege Vulnerability
    Summary
    .NET and Visual Studio Elevation of Privilege Vulnerability
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-32032",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-22T20:01:37.888322Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-22T20:01:48.177Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:03:28.638Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": ".NET 7.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "7.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "PowerShell 7.3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "7.3.5",
                  "status": "affected",
                  "version": "7.3.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "7.0.7",
                      "versionStartIncluding": "7.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                      "versionEndExcluding": "7.3.5",
                      "versionStartIncluding": "7.3.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": ".NET and Visual Studio Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:44:11.443Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": ".NET and Visual Studio Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032"
            }
          ],
          "title": ".NET and Visual Studio Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-32032",
        "datePublished": "2023-06-13T23:26:21.832Z",
        "dateReserved": "2023-05-01T15:34:52.133Z",
        "dateUpdated": "2025-01-01T01:44:11.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33139 (GCVE-0-2023-33139)

    Vulnerability from cvelistv5 – Published: 2023-06-13 23:25 – Updated: 2025-01-01 01:43
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Visual Studio Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Date Public
    2023-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-33139",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-02T16:39:22.157046Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-02T16:39:30.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.55",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.16",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.27",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.22",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.8",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2013 Update 5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "12.0.40702.0",
                  "status": "affected",
                  "version": "12.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2015 Update 3",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "14.0.27554.0",
                  "status": "affected",
                  "version": "14.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.6",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.6.3",
                  "status": "affected",
                  "version": "17.6.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.55",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.16",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.27",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.22",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.8",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update_5:*:*:*:*:*:*",
                      "versionEndExcluding": "12.0.40702.0",
                      "versionStartIncluding": "12.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:update3:*:*:*:*:*:*",
                      "versionEndExcluding": "14.0.27554.0",
                      "versionStartIncluding": "14.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.6.3",
                      "versionStartIncluding": "17.6.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125: Out-of-bounds Read",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:43:39.771Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-33139",
        "datePublished": "2023-06-13T23:25:55.404Z",
        "dateReserved": "2023-05-17T21:16:44.896Z",
        "dateUpdated": "2025-01-01T01:43:39.771Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28299 (GCVE-0-2023-28299)

    Vulnerability from cvelistv5 – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Spoofing Vulnerability
    Summary
    Visual Studio Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:23.931Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.54",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.54",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:20.556Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28299"
            }
          ],
          "title": "Visual Studio Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28299",
        "datePublished": "2023-04-11T19:13:59.381Z",
        "dateReserved": "2023-03-13T22:23:36.189Z",
        "dateUpdated": "2025-01-23T01:05:20.556Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28296 (GCVE-0-2023-28296)

    Vulnerability from cvelistv5 – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Remote Code Execution Vulnerability
    Summary
    Visual Studio Remote Code Execution Vulnerability
    CWE
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:38:24.531Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Remote Code Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "15.9.54",
                  "status": "affected",
                  "version": "15.9.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "15.9.54",
                      "versionStartIncluding": "15.9.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Remote Code Execution Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-415",
                  "description": "CWE-415: Double Free",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:20.136Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Remote Code Execution Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28296"
            }
          ],
          "title": "Visual Studio Remote Code Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28296",
        "datePublished": "2023-04-11T19:13:58.852Z",
        "dateReserved": "2023-03-13T22:23:36.188Z",
        "dateUpdated": "2025-01-23T01:05:20.136Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-28263 (GCVE-0-2023-28263)

    Vulnerability from cvelistv5 – Published: 2023-04-11 19:13 – Updated: 2025-01-23 01:05
    VLAI
    Title
    Visual Studio Information Disclosure Vulnerability
    Summary
    Visual Studio Information Disclosure Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-170 - Improper Null Termination
    Assigner
    References
    Date Public
    2023-04-11 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-28263",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-12T15:43:42.993245Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-12T15:43:49.201Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:30:24.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Visual Studio Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.2",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.2.15",
                  "status": "affected",
                  "version": "17.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.11.26",
                  "status": "affected",
                  "version": "16.11.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.0",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.0.21",
                  "status": "affected",
                  "version": "17.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.4",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.4.7",
                  "status": "affected",
                  "version": "17.4.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Visual Studio 2022 version 17.5",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "17.5.4",
                  "status": "affected",
                  "version": "17.5.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.2.15",
                      "versionStartIncluding": "17.2.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.11.26",
                      "versionStartIncluding": "16.11.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.0.21",
                      "versionStartIncluding": "17.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.4.7",
                      "versionStartIncluding": "17.4.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "17.5.4",
                      "versionStartIncluding": "17.5.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-04-11T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Visual Studio Information Disclosure Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-170",
                  "description": "CWE-170: Improper Null Termination",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-23T01:05:18.837Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Visual Studio Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28263"
            }
          ],
          "title": "Visual Studio Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-28263",
        "datePublished": "2023-04-11T19:13:57.714Z",
        "dateReserved": "2023-03-13T22:18:32.393Z",
        "dateUpdated": "2025-01-23T01:05:18.837Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }