Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-16874
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Visual Studio Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Visual Studio 代码注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Visual Studio是美国微软(Microsoft)公司的一款开发工具套件系列产品,也是一个基本完整的开发工具集,它包括了整个软件生命周期中所需要的大部分工具。 Microsoft Visual Studio中存在代码注入漏洞。该漏洞源于不正确地处理内存中的对象。攻击者可利用该漏洞执行客户端代码。以下产品及版本受到影响: Microsoft Visual Studio 2017 15.9 (包含15.0-15.8)版本, Microsoft Visual Studio 2019
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
MicrosoftMicrosoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) 16.0.0 ~ publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) 15.9.0 ~ publication cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2019 version 16.0 16.0 ~ publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) 16.0 ~ publication cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2012 Update 5 11.0.0 ~ publication cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2013 Update 5 12.0.0 ~ publication cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*
MicrosoftMicrosoft Visual Studio 2015 Update 3 14.0.0 ~ publication cpe:2.3:a:microsoft:visual_studio:2015:update3:*:*:*:*:*:*
II. Public POCs for CVE-2020-16874
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-16874
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Same vendor: Microsoft
V. Comments for CVE-2020-16874

No comments yet

Leave a comment