logo
DATABASE RESOURCES PRICING ABOUT US

Visual Studio Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system. To exploit this vulnerability, an attacker would need to trick an elevated user into downloading a malicious package, either by getting them to open a malicious project or convincing them to add a malicious package to an existing project. The vulnerabilities were introduced by NPM packages used by Visual Studio and subsequently addressed via the following two NPM advisories: [Arbitrary File Overwrite - tar](<https://www.npmjs.com/advisories/803>) [Arbitrary File Overwrite - fstream](<https://www.npmjs.com/advisories/886>) The update addresses the vulnerability by updating the NPM packages, which corrects how Visual Studio validates hardlinks during extraction of file archives.


Related