8 matches found
CVE-2010-3190
CVE-2010-3190 affects the Microsoft Foundation Class (MFC) library used by Visual Studio (2003 SP1; 2005 SP1/2008 SP1/2010) and Exchange Server 2010/2013. Vulnerability arises from untrusted search path loading of dwmapi.dll in the current working directory, enabling local privilege escalation th...
CVE-2011-1280
CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...
CVE-2012-0008
CVE-2012-0008 affects Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 via an untrusted search path vulnerability that allows local privilege escalation when a Trojan horse add-in is loaded from an arbitrary directory. The underlying issue is improper validation/loading of add-ins in the Visu...
CVE-2018-8172
The CVE-2018-8172 entry pertains to a remote code execution vulnerability in Visual Studio family (including Visual Studio and Expression Blend) where the product fails to validate the source markup of an unbuilt project file. Root cause: improper handling of source markup in unbuilt files leadin...
CVE-2019-0537
CVE-2019-0537 is an information disclosure vulnerability in Microsoft Visual Studio. The vulnerability arises when a user opens a malicious .vscontent file, which could allow an attacker to view arbitrary file contents on the victim’s machine. The NVD entry lists a CVSS v2 base score of 4.3 (MEDI...
CVE-2019-1079
CVE-2019-1079 affects Microsoft Visual Studio. The vulnerability arises when Visual Studio improperly parses XML input in certain settings files, enabling an XML external entity (XXE) for information disclosure. An attacker who can entice an authenticated user to open a crafted XML file could rea...
CVE-2018-1037
CVE-2018-1037 affects Microsoft Visual Studio family. The vulnerability is an information disclosure caused by improper handling of uninitialized memory when compiling Program Database (PDB) files, allowing disclosure of limited memory contents. The NVD entry lists CVSSv3 base score 4.3 (Medium),...
CVE-2014-3802
The CVE-2014-3802 issue affects msdia.dll (Microsoft Debug Interface Access Library) in Visual Studio prior to 2013. The root cause is a failure to validate an unspecified variable when calculating a dynamic-call address while parsing PDB files, leading to memory corruption. Impact per sources: r...