CVE-2009-0901

CVE-2009-0901 describes a remote code execution vulnerability in Microsoft Active Template Library (ATL) used by Visual Studio and Windows components. The issue arises when ATL headers mishandle uninitialized VARIANTs, allowing a specially crafted stream to trigger VariantClear on an uninitialize...

CVE-2022-35827

CVE-2022-35827 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio releases (e.g., 2012 Update 5, 2013 Update 5, 2015 Update 3) via the VSGraphics component. Microsoft update pages (KB5016314/KB5016315/KB5016316) describe security updates with specific hotfix f...

CVE-2023-24897

CVE-2023-24897 covers a .NET/.NET Framework/Visual Studio Remote Code Execution vulnerability. Public advisories attribute the flaw to the MSDIA SDK (causing heap overflow due to corrupted PDBs) and enable RCE under certain conditions. Affected products include .NET 6/7 runtimes and corresponding...

CVE-2024-20656

CVE-2024-20656 is a Microsoft Visual Studio elevation-of-privilege vulnerability. Public sources indicate it stems from how Diagnostics Hub Standard Collector handles data operations, enabling a local attacker to gain SYSTEM privileges when exploiting Visual Studio components. The vulnerability i...

CVE-2010-3190

CVE-2010-3190 affects the Microsoft Foundation Class (MFC) library used by Visual Studio (2003 SP1; 2005 SP1/2008 SP1/2010) and Exchange Server 2010/2013. Vulnerability arises from untrusted search path loading of dwmapi.dll in the current working directory, enabling local privilege escalation th...

CVE-2009-2493

CVE-2009-2493 : Microsoft’s ATL vulnerability enables remote code execution when a user loads a specially crafted component/control hosted on a malicious page. The issue is described in MS09-037 (ATL vulnerabilities) and is addressed by Microsoft security bulletin updates; affected products inclu...

CVE-2021-42277

Technical details about CVE-2021-42277 are not provided in the connected documents; only generic vulnerability labels and references are available. Monitor for official advisories or CVE records for affected products, fixes, and mitigations.

CVE-2009-2495

CVE-2009-2495 is part of the ATL mathing family addressed by Microsoft in MS09-035/MS09-060. The vulnerability is the ATL Null String Vulnerability, where an attacker could read memory beyond the end of a string due to improper termination in ATL-based components/controls built with Visual Studio...

CVE-2011-1280

CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...

CVE-2022-35777

CVE-2022-35777 is a Visual Studio remote code execution vulnerability affecting the VSGraphics component. Connected sources (KB/MSRC/NVD) identify it as a Fbx File parser Heap overflow vulnerability within Visual Studio product lines, with references listing affected versions (including VS 2012 U...

CVE-2012-0008

CVE-2012-0008 affects Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 via an untrusted search path vulnerability that allows local privilege escalation when a Trojan horse add-in is loaded from an arbitrary directory. The underlying issue is improper validation/loading of add-ins in the Visu...

CVE-2019-0727

CVE-2019-0727 describes an elevation-of-privilege flaw in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, allowing an attacker who can log on to delete files in arbitrary locations. The vulnerability is rooted in the collectors’ handling of file deletion permissio...

CVE-2021-1651

Technical details about CVE-2021-1651 are not provided in the supplied documents; only the vulnerability is named. Monitor for updates from official advisories.

CVE-2009-2528

CVE-2009-2528 is a memory corruption vulnerability in GDI+ used by Microsoft Office XP/2000 when parsing Office Art Property Tables. A crafted Office document can trigger remote code execution. Microsoft Security Bulletin MS09-062 (KB957488) provides patches; apply the MS09-062 updates to remedia...

CVE-2019-1232

CVE-2019-1232 is a local elevation-of-privilege flaw in the Diagnostics Hub Standard Collector Service. Affected: Diagnostics Hub Standard Collector Service; root cause: improper impersonation of certain file operations. Impact per sources: confidentiality, integrity, and availability are rated p...

CVE-2022-35826

CVE-2022-35826 is a Visual Studio remote code execution vulnerability affecting multiple Visual Studio versions through the VSGraphics component, with Microsoft’s August 2022 updates addressing CVE-2022-35826 alongside related CVEs (e.g., 35825, 35777, 35827). The Microsoft advisories describe an...

CVE-2023-33139

CVE-2023-33139 describes an Information Disclosure vulnerability in Microsoft Visual Studio, tied to the VSGraphics component. Public disclosures indicate affected VS versions range from Visual Studio 2013 Update 5 through newer updates, with MSKB entries (KB5026454/KB5026455) outlining hotfixes ...

CVE-2009-2500

This CVE corresponds to MS09-062: GDI+ WMF Integer Overflow Vulnerability. Affected are Microsoft GDI+ image-processing paths used by WMF, PNG, TIFF, BMP handling across Windows components and Office/Viewer products (e.g., IE6, Office suites, Visio, Project, SQL/Report Viewer, Forefront Client Se...

CVE-2020-16856

CVE-2020-16856 is a Visual Studio remote code execution vulnerability. The issue arises from how Visual Studio handles objects in memory, enabling an attacker to run arbitrary code in the context of the current user. If the user runs Visual Studio with administrative rights, the attacker could ta...

CVE-2018-8172

The CVE-2018-8172 entry pertains to a remote code execution vulnerability in Visual Studio family (including Visual Studio and Expression Blend) where the product fails to validate the source markup of an unbuilt project file. Root cause: improper handling of source markup in unbuilt files leadin...

CVE-2009-3126

CVE-2009-3126 corresponds to the GDI+ PNG Integer Overflow vulnerability described in MS09-062. The issue arises from an integer overflow in GDI+ when processing PNG images, which could allow remote code execution if a user opens a specially crafted image. The vulnerability affects a wide range o...

CVE-2019-1079

CVE-2019-1079 affects Microsoft Visual Studio. The vulnerability arises when Visual Studio improperly parses XML input in certain settings files, enabling an XML external entity (XXE) for information disclosure. An attacker who can entice an authenticated user to open a crafted XML file could rea...

CVE-2019-0537

CVE-2019-0537 is an information disclosure vulnerability in Microsoft Visual Studio. The vulnerability arises when a user opens a malicious .vscontent file, which could allow an attacker to view arbitrary file contents on the victim’s machine. The NVD entry lists a CVSS v2 base score of 4.3 (MEDI...

CVE-2020-1133

Technical details about CVE-2020-1133 are not publicly provided in the connected documents. Available sources mention Diagnostics Hub Standard Collector and the fix, but no affected versions, exploit specifics, or mitigation steps are given. Monitor for updates.

CVE-2022-35825

Technical details about CVE-2022-35825 are not publicly provided in the supplied documents. No explicit affected product version, root cause, or remediation is described here. Monitor for official updates from Microsoft and security advisories.

CVE-2020-1130

CVE-2020-1130 affects the Diagnostics Hub Standard Collector. The issue is an elevation of privilege in the collector’s data handling, enabling a crafted local application to run processes in an elevated context. The vulnerability is addressed by updating how the Diagnostics Hub Standard Collecto...

CVE-2011-1976

CVE-2011-1976 is a cross-site scripting (XSS) vulnerability in the Report Viewer Controls for Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1. Affected component is Microsoft.ReportViewer.WebForms.dll; attacker-controlled input via the TimerMethod URL parameter is incorporated into a ...

CVE-2018-8599

CVE-2018-8599 is the Diagnostics Hub Standard Collector Service Elevation of Privilege vulnerability. The NVD entry states a local attacker could exploit improper impersonation of certain file operations to gain privileges on affected Microsoft software, including Visual Studio, Windows Server 20...

CVE-2020-1202

CVE-2020-1202 affects Diagnostics Hub Standard Collector or Visual Studio Standard Collector. Root cause: improper handling of memory objects leading to elevation of privilege. Impact: local elevation of privileges if exploited; CVSS data in the Initial document indicates HIGH severity. Exploitat...

CVE-2020-16874

CVE-2020-16874 is a Visual Studio remote code execution vulnerability caused by improper handling of objects in memory. Exploitation requires a user to open a specially crafted file, potentially allowing arbitrary code execution in the current user context with Administrative rights. Microsoft an...

CVE-2021-28321

CVE-2021-28321 is a elevation-of-privilege issue in the Diagnostics Hub Standard Collector Service. The NVD entry lists a local, low-attack‑complexity vector with no authentication, achieving high impact on confidentiality, integrity, and availability (CVSS‑3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:...

CVE-2009-2501

CVE-2009-2501 describes a heap-based buffer overflow in Microsoft GDI+ when processing PNG images, enabling remote code execution via crafted PNGs. Affected software/contexts include Internet Explorer 6 SP1 on Windows XP (SP2/SP3) and various Microsoft Office components and viewers that rely on G...

CVE-2020-1393

Summary: CVE-2020-1393 is an elevation of privilege in Windows Diagnostics Hub related to the Standard Collector Service failing to sanitize input, causing insecure library loading. The root cause is input validation/sanitization weaknesses leading to loading of untrusted libraries. This CVE is r...

CVE-2021-28313

Technical details about CVE-2021-28313 are not publicly provided in the supplied documents. Monitor for updates from NVD, MSRC, and vendor advisories for affected components and fixes.

CVE-2021-1680

Technical details about CVE-2021-1680 are not publicly available in the provided connected documents. Monitor for updates for affected product, root cause, impact, and remediation information.

CVE-2020-1257

Technical details about CVE-2020-1257 are not provided in the connected documents. Public aliases, affected components, impact or fixes are not specified here; monitor for authoritative updates.

CVE-2021-28322

Technical details about CVE-2021-28322 are not publicly provided in the supplied documents. No affected products, exploit information, or fixes are described here. Monitor for updates from the referenced advisories and vulnerability feeds.

CVE-2020-1293

CVE-2020-1293 is an Elevation of Privilege vulnerability in Diagnostics Hub Standard Collector Service where file operations are mishandled. The connected AVLeonarov item places CVE-2020-1293 under Diagnostics Hub Standard Collector EOP and lists it alongside CVE-2020-1257 and CVE-2020-1278, but ...

CVE-2020-1203

CVE-2020-1203 is an elevation of privilege affecting the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector, caused by improper handling of memory in affected objects. The description notes this CVE is distinct from CVE-2020-1202 and does not provide explicit affected ver...

CVE-2009-2502

CVE-2009-2502 is a GDI+ TIFF buffer overflow vulnerability that could allow remote code execution when processing a specially crafted TIFF image. The vulnerability affects multiple Microsoft products enabled via Internet Explorer 6 SP1, various Windows and Office suites, Viewer components, and re...

CVE-2024-43603

CVE-2024-43603 is a Denial of Service vulnerability in the Visual Studio Diagnostics Hub Standard Collector (Visual Studio Collector Service). The MS security update description confirms a DoS in Diagnostics Hub Standard Collector when handling certain file operations. Remediations are provided v...

CVE-2018-1037

CVE-2018-1037 affects Microsoft Visual Studio family. The vulnerability is an information disclosure caused by improper handling of uninitialized memory when compiling Program Database (PDB) files, allowing disclosure of limited memory contents. The NVD entry lists CVSSv3 base score 4.3 (Medium),...

CVE-2014-3802

The CVE-2014-3802 issue affects msdia.dll (Microsoft Debug Interface Access Library) in Visual Studio prior to 2013. The root cause is a failure to validate an unspecified variable when calculating a dynamic-call address while parsing PDB files, leading to memory corruption. Impact per sources: r...

CVE-2020-1278

CVE-2020-1278 relates to an elevation of privilege in the Diagnostics Hub Standard Collector Service due to improper file operations. The vulnerability enables local privilege elevation, as the service handles files in a way that can be exploited by an authenticated attacker with access to the sy...

CVE-2009-2504

CVE-2009-2504 corresponds to MS09-062: multiple remote code execution vulnerabilities in Windows GDI+ exposed via GDI+ APIs used by .NET Framework and Office components. The issue stems from integer overflows/buffer handling in GDI+, enabling remote code execution when rendering crafted images in...

CVE-2009-2503

CVE-2009-2503 is a GDI+ memory corruption vulnerability in Microsoft components that can be triggered by a crafted TIFF image file, enabling remote code execution. The weakness resides in how GDI+ allocates memory when processing TIFFs, affecting a wide range of Windows and Office products listed...

CVE-2008-3704

CVE-2008-3704 corresponds to a heap-based buffer overflow in the MaskedEdit ActiveX control (Msmask32.ocx) that occurs when a long Mask parameter is processed. The defect affects Msmask32.ocx version 6.0.81.69 and possibly earlier versions (up to 6.0.84.18), within Microsoft Visual Studio 6.0, Vi...

CVE-2025-49739

CVE-2025-49739: Visual Studio elevation of privilege due to improper link resolution before file access ("link following"). The issue could allow a network-access attacker to elevate privileges on a affected machine. Connected sources indicate this CVE has public exploits (per Kaspersky entry in ...

CVE-2000-0162

Technical details (affected product/version, exploitability, and mitigations) are not publicly available in the provided documents. Monitor for updates from official advisories to confirm impact and remediation guidance.

CVE-2007-4254

CVE-2007-4254 is a stack-based buffer overflow in the MSVDTActiveX control (VDT70.DLL) used by Microsoft Visual Database Tools Database Designer 7.0 (Visual Studio 6). The NotSafe method accepts a long argument, which can overflow a buffer and enable remote code execution. The vulnerability affec...