Description
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
E
Unchanged
RL
O
RC
Changed
Affected products
- Microsoft / Microsoft Visual Studio 2022 version 17.1217.12.0 – 17.12.20
- Microsoft / Microsoft Visual Studio 2022 version 17.1417.14.0 – 17.14.32
- Microsoft / Microsoft Visual Studio 2026 version 18.518.5.0 – 18.5.3
- Microsoft / .NET 10.010.0.0 – 10.0.8
- Microsoft / .NET 8.08.0.0 – 8.0.27
- Microsoft / .NET 9.09.0.0 – 9.0.16