Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB5026455
HistoryJun 13, 2023 - 7:00 a.m.

Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3: June 13, 2023 (KB5026455)

2023-06-1307:00:00
Microsoft
support.microsoft.com
14
microsoft
visual studio 2015
update 3
information disclosure
vsgraphics
vulnerability
cve-2023-27911
cve-2023-27910
cve-2023-27909
cve-2023-33139
security update
third-party component
installation
file hash
verification
windows security

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON

Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3: June 13, 2023 (KB5026455)

**Applies to:**All Visual Studio 2015 Update 3 editions except Isolated and Integrated Shells, Build Tools, Remote Tools, and Express for Web.

Summary

An information disclosure vulnerability exists within VSGraphics in Microsoft Visual Studio 2015 when it incorrectly handles objects in memory.To learn more about the vulnerability, see CVE-2023-27911, CVE-2023-27910, CVE-2023-27909, and CVE-2023-33139.As part of this update, we are removing .fbx and .dae support. Support for these model formats has been provided by a third-party component (x86) that is no longer supported by the author. Affected users should use the fbx editor.

__

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

How to obtain and install the update

Method 1: Microsoft Download

The following file is available for download:Download icon Download the hotfix package now.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

More information

Prerequisites

To apply this security update, you must have Visual Studio 2015 Update 3 installed.

Restart requirement

We recommend that you close Visual Studio 2015 before you install this security update. Otherwise, you may have to restart the computer after you apply this security update if a file that is being updated is open or in use by Visual Studio.

Security update replacement information

This security update doesn’t replace other security updates.

File hash information

File name SHA256 hash
vs14-kb5026455.exe 5b615281874845c6739fcbb56772dd92d41e822f9a1f7d99fc3df64a6532c4c3

Installation verification

To verify that this security update is applied correctly, follow these steps:

  1. Open the Visual Studio 2015 program folder.
  2. Locate the VsGraphics.exe and VsGraphicsCore.dll files in the Microsoft Visual Studio 14.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  3. Verify that the file version is equal to or greater than 14.0.27554**.0**.
    If you elected to install the optional component (Windows 8.1 and Windows Phone 8.0/8.1 Tools), follow these additional steps:
  4. Locate the VsGraphics.exe and VsGraphicsCore.dll files in the Microsoft Visual Studio 12.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  5. Verify that the file version is equal to or greater than 12.0.40702**.0**.
  6. Locate the VsGraphics.exe and VsGraphicsCore.dll files in the Microsoft Visual Studio 11.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  7. Verify that the file version is equal to or greater than 11**.0.61253.402**.

Information about protection and security

Protect yourself online: Windows Security supportLearn how we guard against cyber threats: Microsoft Security

Related

mskb 2
nessus 4
kaspersky 3
cve 4
nvd 4
mscve 4
prion 4
cvelist 4
zdi 2
openvas 2
rapid7blog 1
avleonov 1
mskb
mskb
Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2013 Update 5: June 13, 2023 (KB5026454)
2023-06-13 07:00:00
Description of the security update for Visio 2016: March 12, 2024 (KB5002565)
2023-08-08 07:00:00
nessus
nessus
Autodesk FBX-SDK library < 2020.3.4 Multiple Vulnerabilities (ADSK-SA-2023-0004)
2023-04-06 00:00:00
Security Updates for Microsoft Visual Studio Products (June 2023)
2023-06-13 00:00:00
Security Updates for Microsoft Office Products (Sep 2023) (macOS)
2023-09-12 00:00:00
kaspersky
kaspersky
KLA60730 Multiple vulnerabilities in Microsoft Apps
2023-06-13 00:00:00
KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
2023-06-13 00:00:00
KLA50318 Multiple vulnerabilities in Microsoft Office
2023-06-13 00:00:00
cve
cve
CVE-2023-33139
2023-06-14 00:15:12
CVE-2023-27911
2023-04-17 21:15:07
CVE-2023-27910
2023-04-17 21:15:07
nvd
nvd
CVE-2023-33139
2023-06-14 00:15:12
CVE-2023-27910
2023-04-17 21:15:07
CVE-2023-27909
2023-04-17 21:15:07
mscve
mscve
AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior
2023-06-13 07:00:00
AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior
2023-06-13 07:00:00
AutoDesk: CVE-2023-27911 Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior
2023-06-13 07:00:00
prion
prion
Information disclosure
2023-06-14 00:15:00
Stack overflow
2023-04-17 21:15:00
Heap overflow
2023-04-17 21:15:00
cvelist
cvelist
CVE-2023-33139 Visual Studio Information Disclosure Vulnerability
2023-06-13 23:25:55
CVE-2023-27910
2023-04-17 00:00:00
CVE-2023-27909
2023-04-17 00:00:00
zdi
zdi
Microsoft Office Word FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-09-12 00:00:00
(0Day) Microsoft 3D Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-05-31 00:00:00
openvas
openvas
Microsoft Office 2019 Multiple Vulnerabilities (Sep 2023) - Mac OS X
2023-09-14 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Sep 2023)
2023-09-14 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - June 2023
2023-06-13 20:49:27
avleonov
avleonov
Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP
2023-06-25 00:35:58

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.1%

JSON
Related for KB5026455
mskb2nessus4kaspersky3cve4nvd4mscve4prion4cvelist4zdi2openvas2rapid7blog1avleonov1