Description
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
E
Unchanged
RL
O
RC
Changed
Affected products
- Microsoft / Microsoft Visual Studio 2015 Update 314.0.0 – 14.0.27564.0
- Microsoft / Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)15.9.0 – 15.9.75
- Microsoft / Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)16.11.0 – 16.11.49
- Microsoft / Microsoft Visual Studio 2022 version 17.1017.10.0 – 17.10.17
- Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.10
- Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.8
- Microsoft / Microsoft Visual Studio 2022 version 17.817.8.0 – 17.8.23