Microsoft Visual Studio Spoofing Vulnerability (CNVD-2023-29698)

2023-04-1600:00:00

China National Vulnerability Database

www.cnvd.org.cn

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

JSON

Microsoft Visual Studio is a family of development tools from Microsoft Corporation (USA), and a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft Visual Studio is vulnerable to a spoofing vulnerability that can be exploited by attackers with specially crafted websites to spoof content and trick users into believing the site is legitimate, in combination with other vulnerabilities in the web service to launch an attack.

CPENameOperatorVersion
microsoft visual studio 2017 >=15.0，lt15.9.54
microsoft visual studio 2019 >=16.0，lt16.11.26
microsoft visual studio 2022 >=17.0.0，lt17.0.21
microsoft visual studio 2022 >=17.2.0，lt17.2.15
microsoft visual studio 2022 >=17.4.0，lt17.4.7
microsoft visual studio 2022 >=17.5.0，lt17.5.4

Name	Operator	Version
microsoft visual studio 2017 >=15.0，	lt	15.9.54
microsoft visual studio 2019 >=16.0，	lt	16.11.26
microsoft visual studio 2022 >=17.0.0，	lt	17.0.21
microsoft visual studio 2022 >=17.2.0，	lt	17.2.15
microsoft visual studio 2022 >=17.4.0，	lt	17.4.7
microsoft visual studio 2022 >=17.5.0，	lt	17.5.4