Microsoft Visual Studio vulnerability could allow escalation of privilege
Report ID: MS201203005
Date Published: 14 March 2012
Compromise Type: privilege-escalation
Compromise From: local-system
Microsoft Visual Studio 2008
Microsoft Visual Studio 2010
A vulnerability in Microsoft Visual Studio could allow an attacker to execute arbitrary code with escalated privileges.
Microsoft has issued a security update for Visual Studio to resolve a vulnerability that could be exploited to take control of an affected system. The vulnerability exists when loading add-ins from insecure file locations. Upon successful exploit, an attacker could execute arbitrary code with elevated privileges.
This vulnerability has been fixed in the update by correcting the way Visual Studio restricts where add-ins are loaded. Users are recommended to install this update as a protection againsts potential exploit.
Install the latest security patch for applicable system, available for download from (https://technet.microsoft.com/en-us/security/bulletin/ms12-021)