Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Vulnerability protection

Microsoft Visual Studio vulnerability could allow escalation of privilege


Report ID: MS201203005
Date Published: 14 March 2012

Criticality: Important
Compromise Type: privilege-escalation
Compromise From: local-system


Affected Product/Component:

Microsoft Visual Studio 2008
Microsoft Visual Studio 2010




Summary

A vulnerability in Microsoft Visual Studio could allow an attacker to execute arbitrary code with escalated privileges.



Detailed Description

Microsoft has issued a security update for Visual Studio to resolve a vulnerability that could be exploited to take control of an affected system. The vulnerability exists when loading add-ins from insecure file locations. Upon successful exploit, an attacker could execute arbitrary code with elevated privileges.

This vulnerability has been fixed in the update by correcting the way Visual Studio restricts where add-ins are loaded. Users are recommended to install this update as a protection againsts potential exploit.



CVE Reference

CVE-2012-0008



Solution

Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-021)



Security Advisories

For a list of known vulnerabilities affecting F-Secure products and the released fixes, please refer to the Security Advisories page.