CVE-2020-1416

🗓️ 14 Jul 2020 22:54:34Reported by microsoftType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 225 Views

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies

Reporter	Title	Published	Views	Family All 14
Information Security Automation	Microsoft Patch Tuesday July 2020: my new open source project Vulristics, DNS SIGRed, RDP Client and SharePoint	2 Aug 202004:05	–	avleonov
BDU FSTEC	The vulnerability of Microsoft Visual Studio, a software development tool, and Visual Studio Code, a code editor, stems from deficiencies in access control. These flaws allow attackers to escalate their privileges and execute arbitrary code.	24 Jul 202000:00	–	bdu_fstec
Circl	CVE-2020-1416	9 Apr 202512:28	–	circl
Cvelist	CVE-2020-1416	14 Jul 202022:54	–	cvelist
Kaspersky	KLA11859 Multiple vulnerabilities in Microsoft Developer Tools	14 Jul 202000:00	–	kaspersky
Kaspersky	KLA11861 Multiple vulnerabilities in Microsoft Products (OSS)	14 Jul 202000:00	–	kaspersky
Microsoft CVE	Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability	14 Jul 202007:00	–	mscve
NVD	CVE-2020-1416	14 Jul 202023:15	–	nvd
OSV	CVE-2020-1416	14 Jul 202023:15	–	osv
Prion	Privilege escalation	14 Jul 202023:15	–	prion

NVD

Vulners

Node

microsoft azure_storage_explorerMatch-

microsoft typescriptMatch-

microsoft visual_studio_2017Range15.0–15.9.25

microsoft visual_studio_2019Range16.0–16.0.16

microsoft visual_studio_2019Range16.1–16.4.11

microsoft visual_studio_2019Range16.5–16.6.4

microsoft visual_studio_codeRange<1.47.1

[
  {
    "product": "Microsoft Visual Studio 2019 version 16.6 (includes 16.0 - 16.5)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Visual Studio Code",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Microsoft Visual Studio 2019",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "16.0"
      }
    ]
  },
  {
    "product": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "Azure Storage Explorer",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  },
  {
    "product": "TypeScript",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1416

17 Jun 2026 03:01Current

8.7High risk

Vulners AI Score8.7

CVSS 3.18.8

CVSS 29.3

EPSS0.05862

CWE-269