CVE-2023-36759 : Visual Studio Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

Published 2023-09-12 17:15:12

Updated 2024-05-29 03:16:00

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-36759

Microsoft » Visual Studio 2019
Versions from including (>=) 16.0 and before (<) 16.11.30
cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio 2022
Versions from including (>=) 17.2.0 and before (<) 17.2.19
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio 2022
Versions from including (>=) 17.4.0 and before (<) 17.4.11
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio 2022
Versions from including (>=) 17.6.0 and before (<) 17.6.7
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Visual Studio 2022
Versions from including (>=) 17.7.0 and before (<) 17.7.4
cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H	0.8	5.9	Microsoft Corporation
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-822 Untrusted Pointer Dereference

The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer.

Assigned by: secure@microsoft.com (Secondary)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36759

CVE-2023-36759 - Security Update Guide - Microsoft - Visual Studio Elevation of Privilege Vulnerability
Patch;Vendor Advisory

Jump to