Microsoft Visual Studio Developer IDE
Recent Microsoft Visual Studio Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2024-43488 | CVE-2024-43488 Visual Studio Code extension for Arduino Remote Code Execution Vulnerability | October 8, 2024 |
| CVE-2024-43603 | CVE-2024-43603 Visual Studio Collector Service Denial of Service Vulnerability | October 8, 2024 |
| CVE-2024-43485 | CVE-2024-43485 .NET and Visual Studio Denial of Service Vulnerability | October 8, 2024 |
| CVE-2024-43484 | CVE-2024-43484 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | October 8, 2024 |
| CVE-2024-43483 | CVE-2024-43483 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability | October 8, 2024 |
| CVE-2024-43601 | CVE-2024-43601 Visual Studio Code for Linux Remote Code Execution Vulnerability | October 8, 2024 |
| CVE-2024-38229 | CVE-2024-38229 .NET and Visual Studio Remote Code Execution Vulnerability | October 8, 2024 |
| CVE-2024-38168 | CVE-2024-38168 .NET and Visual Studio Denial of Service Vulnerability | August 13, 2024 |
| CVE-2024-38167 | CVE-2024-38167 .NET and Visual Studio Information Disclosure Vulnerability | August 13, 2024 |
| CVE-2024-38095 | CVE-2024-38095 .NET and Visual Studio Denial of Service Vulnerability | July 9, 2024 |
By the Year
In 2024 there have been 2 vulnerabilities in Microsoft Visual Studio with an average score of 6.7 out of ten. Last year Visual Studio had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Interestingly, the average vulnerability score and the number of vulnerabilities for 2024 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 2 | 6.65 |
| 2023 | 2 | 6.65 |
| 2022 | 4 | 8.80 |
| 2021 | 6 | 7.42 |
| 2020 | 10 | 7.45 |
| 2019 | 4 | 6.90 |
| 2018 | 3 | 6.63 |
It may take a day or so for new Visual Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Visual Studio Security Vulnerabilities
Visual Studio Collector Service Denial of Service Vulnerability
CVE-2024-43603
5.5 - Medium
- October 08, 2024
Visual Studio Collector Service Denial of Service Vulnerability
insecure temporary file
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-20656
7.8 - High
- January 09, 2024
Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
CVE-2023-24897
7.8 - High
- June 14, 2023
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Visual Studio Information Disclosure Vulnerability
CVE-2023-33139
5.5 - Medium
- June 14, 2023
Visual Studio Information Disclosure Vulnerability
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35825
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35826
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35827
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability
Visual Studio Remote Code Execution Vulnerability
CVE-2022-35777
8.8 - High
- August 09, 2022
Visual Studio Remote Code Execution Vulnerability
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-42277
5.5 - Medium
- November 10, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Improper Privilege Management
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28321
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
insecure temporary file
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28313
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Improper Privilege Management
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2021-28322
7.8 - High
- April 13, 2021
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
Improper Privilege Management
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1651
7.8 - High
- January 12, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Improper Privilege Management
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2021-1680
7.8 - High
- January 12, 2021
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Improper Privilege Management
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations
CVE-2020-1130
6.6 - Medium
- September 11, 2020
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles data operations.</p>
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory
CVE-2020-16856
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory
CVE-2020-16874
7.8 - High
- September 11, 2020
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.</p> <p>The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.</p>
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations
CVE-2020-1133
5.5 - Medium
- September 11, 2020
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.</p> <p>An attacker could exploit this vulnerability by running a specially crafted application on the victim system.</p> <p>The update addresses the vulnerability by correcting the way the Diagnostics Hub Standard Collector handles file operations.</p>
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input
CVE-2020-1393
7.8 - High
- July 14, 2020
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1293
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory
CVE-2020-1202
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1257
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations
CVE-2020-1278
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory
CVE-2020-1203
7.8 - High
- June 09, 2020
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.
Improper Privilege Management
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations
CVE-2019-1232
7.8 - High
- September 11, 2019
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files
CVE-2019-1079
6.5 - Medium
- July 15, 2019
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.
Improper Input Validation
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector
CVE-2019-0727
7.8 - High
- May 16, 2019
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file
CVE-2019-0537
5.5 - Medium
- January 08, 2019
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations
CVE-2018-8599
7.8 - High
- December 12, 2018
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.
Improper Check for Dropped Privileges
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project
CVE-2018-8172
7.8 - High
- July 11, 2018
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files
CVE-2018-1037
4.3 - Medium
- April 12, 2018
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.
Use of Uninitialized Resource
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
CVE-2009-3126
- October 14, 2009
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
Numeric Errors
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
CVE-2009-2500
- October 14, 2009
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
Numeric Errors
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
CVE-2009-2501
- October 14, 2009
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
Buffer Overflow
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
CVE-2009-2502
- October 14, 2009
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
Buffer Overflow
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file
CVE-2009-2503
- October 14, 2009
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
Code Injection
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0
CVE-2009-2504
- October 14, 2009
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
Numeric Errors
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document
CVE-2009-2528
- October 14, 2009
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Code Injection
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet
CVE-2000-0162
- February 18, 2000
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Internet Explorer (IE) or by Microsoft? Click the Watch button to subscribe.
