Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-16856
HistorySep 11, 2020 - 5:15 p.m.

CVE-2020-16856

2020-09-1117:15:16
[email protected]
web.nvd.nist.gov
81
4
remote code execution
visual studio
cve-2020-16856
vulnerability
memory handling

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.0%

JSON

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p>
<p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>

Affected configurations

Vulners
NVD
Node
microsoftmicrosoft_visual_studio_2019_16.7 (includes 16.0 – 16.6)Match16.0.0
OR
microsoftmicrosoft_visual_studio_2017_15.9 (includes 15.0 - 15.8)Match15.9.0
OR
microsoftmicrosoft_visual_studio_2019_16.0Match16.0
OR
microsoftmicrosoft_visual_studio_2019_16.4 (includes 16.0 - 16.3)Match16.0
OR
microsoftvisual_studioRange11.0.020125
OR
microsoftvisual_studioRange12.0.020135
OR
microsoftvisual_studioRange14.0.020153
VendorProductVersionCPE
microsoftmicrosoft_visual_studio_2019_16.7 (includes 16.0 – 16.6)16.0.0cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.7 (includes 16.0 – 16.6):16.0.0:*:*:*:*:*:*:*
microsoftmicrosoft_visual_studio_2017_15.9 (includes 15.0 - 15.8)15.9.0cpe:2.3:a:microsoft:microsoft_visual_studio_2017_15.9 (includes 15.0 - 15.8):15.9.0:*:*:*:*:*:*:*
microsoftmicrosoft_visual_studio_2019_16.016.0cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.0:16.0:*:*:*:*:*:*:*
microsoftmicrosoft_visual_studio_2019_16.4 (includes 16.0 - 16.3)16.0cpe:2.3:a:microsoft:microsoft_visual_studio_2019_16.4 (includes 16.0 - 16.3):16.0:*:*:*:*:*:*:*
microsoftvisual_studio*cpe:2.3:a:microsoft:visual_studio:*:5:*:*:*:*:*:*
microsoftvisual_studio*cpe:2.3:a:microsoft:visual_studio:*:5:*:*:*:*:*:*
microsoftvisual_studio*cpe:2.3:a:microsoft:visual_studio:*:3:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "15.9.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2019 version 16.0",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "16.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2012 Update 5",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "11.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2013 Update 5",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "12.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Microsoft",
    "product": "Microsoft Visual Studio 2015 Update 3",
    "cpes": [
      "cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*"
    ],
    "platforms": [
      "Unknown"
    ],
    "versions": [
      {
        "version": "14.0.0",
        "lessThan": "publication",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Social References

More

Related

zdi 1
prion 1
mscve 1
cvelist 1
nvd 1
mskb 3
nessus 1
kaspersky 1
avleonov 1
oracle 1
zdi
zdi
Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Vulnerability
2020-09-10 00:00:00
prion
prion
Remote code execution
2020-09-11 17:15:00
mscve
mscve
Visual Studio Remote Code Execution Vulnerability
2020-09-08 07:00:00
cvelist
cvelist
CVE-2020-16856 Visual Studio Remote Code Execution Vulnerability
2020-09-11 17:08:40
nvd
nvd
CVE-2020-16856
2020-09-11 17:15:16
mskb
mskb
Description of the security update for Microsoft Visual Studio 2013 Update 5: September 8, 2020
2020-09-08 07:00:00
Description of the security update for Microsoft Visual Studio 2012 Update 5: September 8, 2020
2020-09-07 00:00:00
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2015 Update 3: September 8, 2020
2020-09-08 07:00:00
nessus
nessus
Security Updates for Microsoft Visual Studio Products (September 2020)
2020-09-10 00:00:00
kaspersky
kaspersky
KLA11956 Multiple vulnerabilities in Microsoft Developer Tools
2020-09-08 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange
2020-09-30 23:46:21
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.0%

JSON
Related for CVE-2020-16856
zdi1prion1mscve1cvelist1nvd1mskb3nessus1kaspersky1avleonov1oracle1