1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Vulnerability protection

Microsoft Visual Studio vulnerability could allow escalation of privilege

Report ID: MS201203005
Date Published: 14 March 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system

Affected Product/Component:

Microsoft Visual Studio 2008
Microsoft Visual Studio 2010


A vulnerability in Microsoft Visual Studio could allow an attacker to execute arbitrary code with escalated privileges.

Detailed Description

Microsoft has issued a security update for Visual Studio to resolve a vulnerability that could be exploited to take control of an affected system. The vulnerability exists when loading add-ins from insecure file locations. Upon successful exploit, an attacker could execute arbitrary code with elevated privileges.

This vulnerability has been fixed in the update by correcting the way Visual Studio restricts where add-ins are loaded. Users are recommended to install this update as a protection againsts potential exploit.

CVE Reference



Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-021)

Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.