Lucene search
ZhangYangZDI-22-733HistoryMay 10, 2022 - 12:00 a.m.
Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-05-1000:00:00
ZhangYang
www.zerodayinitiative.com
25
vulnerability
microsoft visual studio
dds file parsing
heap-based buffer overflow
remote code execution
user interaction
malicious file
specific flaw
crafted data
EPSS
0.006
Percentile
79.4%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files. Crafted data in a DDS file can trigger an overflow of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cvelist
cvelist
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability
2022-05-10 20:34:57
mscve
mscve
Visual Studio Remote Code Execution Vulnerability
2022-05-10 08:00:00
prion
prion
Remote code execution
2022-05-10 21:15:00
cve
cve
CVE-2022-29148
2022-05-10 21:15:13
nvd
nvd
CVE-2022-29148
2022-05-10 21:15:13
cnvd
cnvd
nessus
nessus
Security Updates for Microsoft Visual Studio Products (May 2022)
2022-05-12 00:00:00
kaspersky
kaspersky
KLA12535 Multiple vulnerabilities in Microsoft Developer Tools
2022-05-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - May 2022
2022-05-10 19:59:20