The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities:
A remote code execution vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution. (CVE-2023-24897)
A remote code execution vulnerability where specially crafted input to git apply -reject can lead to controlled content writes at arbitrary locations. (CVE-2023-25652)
A spoofing vulnerability where Github localization messages refer to a hard-coded path instead of respecting the runtime prefix that leads to out-of-bound memory writes and crashes. (CVE-2023-25815)
An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure. (CVE-2023-27909)
An information disclosure vulnerability where a user may be tricked into opening a malicious FBX file. This may exploit a stack buffer overflow (CVE-2023-27910) or heap buffer overflow (CVE-2023-27911) vulnerability in Autodesk FBX SDK 2020 or prior which may lead to remote code execution.
A remote code execution vulnerability where a configuration file containing a logic error results in arbitrary configuration injection. (CVE-2023-29007)
A remote code execution vulnerability where the Git for Windows executable responsible for implementing a SOCKS5 proxy is susceptible to picking up an untrusted configuration on multi-user machines. (CVE-2023-29011)
A remote code execution vulnerability where the Git for Windows Git CMD program incorrectly searches for a program upon startup, leading to silent arbitrary code execution. (CVE-2023-29012)
A remote code execution vulnerability in the .NET SDK during tool restore which can lead to an elevation of privilege. (CVE-2023-33135)
An information disclosure vulnerability by the obj file parser in Visual Studio. (CVE-2023-33139)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##
include('compat.inc');
if (description)
{
script_id(177249);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/10");
script_cve_id(
"CVE-2023-21808",
"CVE-2023-21815",
"CVE-2023-23381",
"CVE-2023-24895",
"CVE-2023-24897",
"CVE-2023-24936",
"CVE-2023-25652",
"CVE-2023-25815",
"CVE-2023-27909",
"CVE-2023-27910",
"CVE-2023-27911",
"CVE-2023-29007",
"CVE-2023-29011",
"CVE-2023-29012",
"CVE-2023-29331",
"CVE-2023-33032",
"CVE-2023-33126",
"CVE-2023-33128",
"CVE-2023-33135",
"CVE-2023-33139"
);
script_xref(name:"MSKB", value:"5025792");
script_xref(name:"MSKB", value:"5026454");
script_xref(name:"MSKB", value:"5026455");
script_xref(name:"MSKB", value:"5026610");
script_xref(name:"MSFT", value:"MS23-5025792");
script_xref(name:"MSFT", value:"MS23-5026454");
script_xref(name:"MSFT", value:"MS23-5026455");
script_xref(name:"MSFT", value:"MS23-5026610");
script_xref(name:"IAVA", value:"2023-A-0293-S");
script_name(english:"Security Updates for Microsoft Visual Studio Products (June 2023)");
script_set_attribute(attribute:"synopsis", value:
"The Microsoft Visual Studio Products are affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple
vulnerabilities:
- A remote code execution vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow,
leading to a crash or remote code execution. (CVE-2023-24897)
- A remote code execution vulnerability where specially crafted input to git apply -reject can lead to
controlled content writes at arbitrary locations. (CVE-2023-25652)
- A spoofing vulnerability where Github localization messages refer to a hard-coded path instead of
respecting the runtime prefix that leads to out-of-bound memory writes and crashes. (CVE-2023-25815)
- An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK version 2020 or prior may lead to code
execution through maliciously crafted FBX files or information disclosure. (CVE-2023-27909)
- An information disclosure vulnerability where a user may be tricked into opening a malicious
FBX file. This may exploit a stack buffer overflow (CVE-2023-27910) or heap buffer overflow
(CVE-2023-27911) vulnerability in Autodesk FBX SDK 2020 or prior which may lead to remote code
execution.
- A remote code execution vulnerability where a configuration file containing a logic error results
in arbitrary configuration injection. (CVE-2023-29007)
- A remote code execution vulnerability where the Git for Windows executable responsible for
implementing a SOCKS5 proxy is susceptible to picking up an untrusted configuration on multi-user
machines. (CVE-2023-29011)
- A remote code execution vulnerability where the Git for Windows Git CMD program incorrectly
searches for a program upon startup, leading to silent arbitrary code execution. (CVE-2023-29012)
- A remote code execution vulnerability in the .NET SDK during tool restore which can lead to an
elevation of privilege. (CVE-2023-33135)
- An information disclosure vulnerability by the obj file parser in Visual Studio. (CVE-2023-33139)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes#17.6.3
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dddbae5d");
# https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.4#1748--visual-studio-2022-version-1748
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a49726ef");
# https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.2#17216--visual-studio-2022-version-17216
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9a1613a0");
# https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-notes-v17.0#17022--visual-studio-2022-version-17022
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1d05a264");
# https://learn.microsoft.com/en-us/visualstudio/releases/2019/release-notes#release-notes-icon-visual-studio-2019-version-161127
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c46148fb");
# https://learn.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.55
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bdcff516");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5026454");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5025792");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5026455");
script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/en-us/help/5026610");
script_set_attribute(attribute:"solution", value:
"Microsoft has released the following security updates to address this issue:
- Patch for the Update 5 for Visual Studio 2013
- Patch for the Update 3 for Visual Studio 2015
- Update 15.9.55 for Visual Studio 2017
- Update 16.11.27 for Visual Studio 2019
- Update 17.0.22 for Visual Studio 2022
- Update 17.2.16 for Visual Studio 2022
- Update 17.4.8 for Visual Studio 2022
- Update 17.6.3 for Visual Studio 2022");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25652");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-33032");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"patch_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:visual_studio");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows : Microsoft Bulletins");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ms_bulletin_checks_possible.nasl", "microsoft_visual_studio_installed.nbin");
script_require_keys("SMB/MS_Bulletin_Checks/Possible", "installed_sw/Microsoft Visual Studio", "SMB/Registry/Enumerated");
script_require_ports(139, 445, "Host/patch_management_checks");
exit(0);
}
include('vcf_extras_visual_studio.inc');
include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
var port = kb_smb_transport();
var appname = 'Microsoft Visual Studio';
var installs = get_installs(app_name:appname, exit_if_not_found:TRUE);
var report = '';
var fversion, file, fver, kb_file, kb_files, version, path, prod, fix, install;
foreach install (installs[1])
{
version = install['version'];
path = install['path'];
prod = install['product_version'];
if (version =~ '^14\\.0\\.')
{
# KB5025792 \Team Tools\Dynamic Code Coverage Tools\covrun32.dll and (if any)
# Team Tools\Dynamic Code Coverage Tools\amd64\covrun64.dll should be 14.0.27555.0
fix = '14.0.27555.0';
kb_files = make_list('Team Tools\\Dynamic Code Coverage Tools\\covrun32.dll',
'Team Tools\\Dynamic Code Coverage Tools\\amd64\\covrun64.dll');
foreach kb_file (kb_files)
{
file = hotfix_append_path(path:path, value:kb_file);
fver = hotfix_get_fversion(path:file);
if (fver['error'] == HCF_OK && !empty_or_null(fver['value']))
{
fversion = join(sep:'.', fver['value']);
if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + file +
'\n Installed version : ' + fversion +
'\n Fixed version : ' + fix +
'\n';
break;
}
}
}
# KB5026455 \Common7\IDE\Extensions\Microsoft\VsGraphics\VsGraphics.exe and
# \Common7\IDE\Extensions\Microsoft\VsGraphics\VsGraphicsCore.dll should be 14.0.27554.0
fix = '14.0.27554.0';
kb_files = make_list('Common7\\IDE\\Extensions\\Microsoft\\VsGraphics\\VsGraphics.exe',
'Common7\\IDE\\Extensions\\Microsoft\\VsGraphics\\VsGraphicsCore.dll');
foreach kb_file (kb_files)
{
file = hotfix_append_path(path:path, value:kb_file);
fver = hotfix_get_fversion(path:file);
if (fver['error'] == HCF_OK && !empty_or_null(fver['value']))
{
fversion = join(sep:'.', fver['value']);
if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + file +
'\n Installed version : ' + fversion +
'\n Fixed version : ' + fix +
'\n';
break;
}
}
}
}
else if (version =~ '^12\\.0\\.')
{
# KB5026610 \Common7\IDE\msdia120.dll and
# \Team Tools\Dynamic Code Coverage Tools\msdia120.dll should be 12.0.40700.0
fix = '12.0.40700.0';
kb_files = make_list('Common7\\IDE\\msdia120.dll',
'Team Tools\\Dynamic Code Coverage Tools\\msdia120.dll');
foreach kb_file (kb_files)
{
file = hotfix_append_path(path:path, value:kb_file);
fver = hotfix_get_fversion(path:file);
if (fver['error'] == HCF_OK && !empty_or_null(fver['value']))
{
fversion = join(sep:'.', fver['value']);
if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + file +
'\n Installed version : ' + fversion +
'\n Fixed version : ' + fix +
'\n';
break;
}
}
}
# KB5026454 \Common7\IDE\Extensions\Microsoft\VsGraphics\VsGraphics.exe and
# \Common7\IDE\Extensions\Microsoft\VsGraphics\VsGraphicsCore.dll should be 12.0.40702.0
fix = '12.0.40702.0';
kb_files = make_list('Common7\\IDE\\Extensions\\Microsoft\\VsGraphics\\VsGraphics.exe',
'Common7\\IDE\\Extensions\\Microsoft\\VsGraphics\\VsGraphicsCore.dll');
foreach kb_file (kb_files)
{
file = hotfix_append_path(path:path, value:kb_file);
fver = hotfix_get_fversion(path:file);
if (fver['error'] == HCF_OK && !empty_or_null(fver['value']))
{
fversion = join(sep:'.', fver['value']);
if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + file +
'\n Installed version : ' + fversion +
'\n Fixed version : ' + fix +
'\n';
break;
}
}
}
}
else if (prod == '2017')
{
fix = '15.9.33801.237';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '15.9.33801.237 (15.9.55)' +
'\n';
}
}
else if (prod == '2019')
{
fix = '16.11.33801.447';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '16.11.33801.447 (16.11.27)' +
'\n';
}
}
else if (prod == '2022' && version =~ "^17\.0\.")
{
fix = '17.0.33801.228';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '17.0.33801.228 (17.0.22)' +
'\n';
}
}
else if (prod == '2022' && version =~ "^17\.[1-2]\.")
{
fix = '17.2.33801.349';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '17.2.33801.349 (17.2.16)' +
'\n';
}
}
else if (prod == '2022' && version =~ "^17\.[3-4]\.")
{
fix = '17.4.33801.306';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '17.4.33801.306 (17.4.8)' +
'\n';
}
}
else if (prod == '2022' && version =~ "^17\.[5-6]\.")
{
fix = '17.6.33801.468';
if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)
{
report +=
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : ' + '17.6.33801.468 (17.6.3)' +
'\n';
}
}
}
hotfix_check_fversion_end();
if (empty(report))
audit(AUDIT_INST_VER_NOT_VULN, appname, version);
security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | visual_studio | cpe:/a:microsoft:visual_studio |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29331
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33139
www.nessus.org/u?1d05a264
www.nessus.org/u?9a1613a0
www.nessus.org/u?a49726ef
www.nessus.org/u?bdcff516
www.nessus.org/u?c46148fb
www.nessus.org/u?dddbae5d
support.microsoft.com/en-us/help/5025792
support.microsoft.com/en-us/help/5026454
support.microsoft.com/en-us/help/5026455
support.microsoft.com/en-us/help/5026610