Lucene search

K
zdiWen guang JiaoZDI-20-1121
HistorySep 10, 2020 - 12:00 a.m.

Microsoft Visual Studio DDS File Parsing Integer Overflow Remote Code Execution Vulnerability

2020-09-1000:00:00
Wen guang Jiao
www.zerodayinitiative.com
40
microsoft visual studio
integer overflow
remote code execution
dds file
user interaction
dxtex module
buffer overflow

EPSS

0.012

Percentile

85.1%

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the dxtex module. Crafted data in a DDS file can trigger an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current user.