Visual Studio 2017 Microsoft Visual Studio 2017

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Visual Studio 2017.

By the Year

In 2025 there have been 6 vulnerabilities in Microsoft Visual Studio 2017 with an average score of 7.5 out of ten. Last year, in 2024 Visual Studio 2017 had 4 security vulnerabilities published. That is, 2 more vulnerabilities have already been reported in 2025 as compared to last year. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.58.




Year Vulnerabilities Average Score
2025 6 7.53
2024 4 6.95
2023 14 7.22
2022 8 8.30
2021 14 7.04
2020 28 7.36
2019 10 7.35
2018 5 7.10

It may take a day or so for new Visual Studio 2017 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio 2017 Security Vulnerabilities

Insufficient granularity of access control in Visual Studio

CVE-2025-32703 5.5 - Medium - May 13, 2025

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

Information Disclosure

Uncontrolled search path element in Visual Studio

CVE-2025-24998 7.3 - High - March 11, 2025

Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally.

DLL preloading

Visual Studio Installer Elevation of Privilege Vulnerability

CVE-2025-21206 7.3 - High - February 11, 2025

Visual Studio Installer Elevation of Privilege Vulnerability

DLL preloading

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21172 7.5 - High - January 14, 2025

.NET and Visual Studio Remote Code Execution Vulnerability

Integer Overflow or Wraparound

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2025-21176 8.8 - High - January 14, 2025

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Buffer Over-read

Visual Studio Remote Code Execution Vulnerability

CVE-2025-21178 8.8 - High - January 14, 2025

Visual Studio Remote Code Execution Vulnerability

Out-of-bounds Read

Visual Studio Collector Service Denial of Service Vulnerability

CVE-2024-43603 5.5 - Medium - October 08, 2024

Visual Studio Collector Service Denial of Service Vulnerability

insecure temporary file

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

CVE-2024-43590 7.8 - High - October 08, 2024

Visual C++ Redistributable Installer Elevation of Privilege Vulnerability

Authorization

Visual Studio Elevation of Privilege Vulnerability

CVE-2024-29060 6.7 - Medium - June 11, 2024

Visual Studio Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

CVE-2024-20656 7.8 - High - January 09, 2024

Visual Studio Elevation of Privilege Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-36792 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-36796 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-36794 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-36793 7.8 - High - September 12, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Tools for Office Runtime Spoofing Vulnerability

CVE-2023-36897 6.5 - Medium - August 08, 2023

Visual Studio Tools for Office Runtime Spoofing Vulnerability

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

CVE-2023-24897 7.8 - High - June 14, 2023

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Visual Studio Information Disclosure Vulnerability

CVE-2023-33139 5.5 - Medium - June 14, 2023

Visual Studio Information Disclosure Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-28296 7.8 - High - April 11, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Spoofing Vulnerability

CVE-2023-28299 5.5 - Medium - April 11, 2023

Visual Studio Spoofing Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2023-21808 7.8 - High - February 14, 2023

.NET and Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-21815 7.8 - High - February 14, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Denial of Service Vulnerability

CVE-2023-21567 5.6 - Medium - February 14, 2023

Visual Studio Denial of Service Vulnerability

Visual Studio Elevation of Privilege Vulnerability

CVE-2023-21566 7.8 - High - February 14, 2023

Visual Studio Elevation of Privilege Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2023-23381 7.8 - High - February 14, 2023

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-41119 7.8 - High - November 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-35777 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-35825 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-35826 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-35827 8.8 - High - August 09, 2022

Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

CVE-2022-29148 7.8 - High - May 10, 2022

Visual Studio Remote Code Execution Vulnerability

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

CVE-2022-24767 7.8 - High - April 12, 2022

GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

DLL preloading

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

CVE-2022-21871 7.8 - High - January 11, 2022

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

Visual Studio Elevation of Privilege Vulnerability

CVE-2021-42319 4.7 - Medium - November 10, 2021

Visual Studio Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-42277 5.5 - Medium - November 10, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Elevation of Privilege Vulnerability

CVE-2021-26434 7.8 - High - September 15, 2021

Visual Studio Elevation of Privilege Vulnerability

Incorrect Permission Assignment for Critical Resource

Visual Studio Remote Code Execution Vulnerability

CVE-2021-36952 7.8 - High - September 15, 2021

Visual Studio Remote Code Execution Vulnerability

Memory Corruption

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-26423 7.5 - High - August 12, 2021

.NET Core and Visual Studio Denial of Service Vulnerability

.NET Core and Visual Studio Information Disclosure Vulnerability

CVE-2021-34485 5 - Medium - August 12, 2021

.NET Core and Visual Studio Information Disclosure Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28321 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

insecure temporary file

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28322 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28313 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Installer Elevation of Privilege Vulnerability

CVE-2021-27064 7.8 - High - April 13, 2021

Visual Studio Installer Elevation of Privilege Vulnerability

Visual Studio Code Remote Code Execution Vulnerability

CVE-2021-1639 7 - High - February 25, 2021

Visual Studio Code Remote Code Execution Vulnerability

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2021-1721 6.5 - Medium - February 25, 2021

.NET Core and Visual Studio Denial of Service Vulnerability

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1651 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1680 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Visual Studio Remote Code Execution Vulnerability

CVE-2020-17156 7.8 - High - December 10, 2020

Visual Studio Remote Code Execution Vulnerability

Visual Studio Tampering Vulnerability

CVE-2020-17100 5.5 - Medium - November 11, 2020

Visual Studio Tampering Vulnerability

Cure53 DOMPurify before 2.0.17 allows mutation XSS

CVE-2020-26870 6.1 - Medium - October 07, 2020

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

XSS

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations

CVE-2020-1130 6.6 - Medium - September 11, 2020

<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2019 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe