Microsoft Visual Studio DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

🗓️ 10 Sep 2020 00:00:00Reported by Wen guang JiaoType

zdi🔗 www.zerodayinitiative.com👁 111 Views

Microsoft Visual Studio DDS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. Allows remote attackers to disclose sensitive information. Requires user interaction. Vulnerability exists within dxtex module. Crafted data in DDS file triggers read past allocated buffer. Can be leveraged to execute code

Reporter	Title	Published	Views	Family All 21
Information Security Automation	Microsoft Patch Tuesday September 2020: Zerologon and other exploits, RCEs in SharePoint and Exchange	30 Sep 202023:46	–	avleonov
BDU FSTEC	The vulnerability of the Microsoft Visual Studio software, related to errors in memory object handling, allows a hacker to execute arbitrary code.	24 Sep 202000:00	–	bdu_fstec
CNVD	Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2021-01041)	10 Sep 202000:00	–	cnvd
CVE	CVE-2020-16874	11 Sep 202017:08	–	cve
Cvelist	CVE-2020-16874 Visual Studio Remote Code Execution Vulnerability	11 Sep 202017:08	–	cvelist
Microsoft KB	Description of the security update for Microsoft Visual Studio 2012 Update 5: September 8, 2020	7 Sep 202000:00	–	mskb
Microsoft KB	Description of the security update for Microsoft Visual Studio 2013 Update 5: September 8, 2020	8 Sep 202007:00	–	mskb
Microsoft KB	Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2015 Update 3: September 8, 2020	8 Sep 202007:00	–	mskb
Kaspersky	KLA11956 Multiple vulnerabilities in Microsoft Developer Tools	8 Sep 202000:00	–	kaspersky
Microsoft CVE	Visual Studio Remote Code Execution Vulnerability	8 Sep 202007:00	–	mscve