Description
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Unchanged
RL
O
RC
Changed
Affected products
- Microsoft / Build Tools for Visual Studio 202217.0 – Fixed Version 17.13.7
- Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.15
- Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.8
- Microsoft / Microsoft Visual Studio 2022 version 17.1317.13.0 – 17.13.7
- Microsoft / Microsoft Visual Studio 2022 version 17.817.8.0 – 17.8.21
- Microsoft / .NET 8.08.0.0 – 8.0.16
- Microsoft / .NET 9.09.0.0 – 9.0.5