microsoft visual-studio-2017 CVE-2022-24767 in Microsoft and Gitforwindowsproject Products
Published on April 12, 2022

product logo product logo
GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

NVD

Vulnerability Analysis

CVE-2022-24767 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a DLL preloading Vulnerability?

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

CVE-2022-24767 has been classified to as a DLL preloading vulnerability or weakness.


Products Associated with CVE-2022-24767

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-24767 are published in these products:

Microsoft Visual Studio 2017
 
Microsoft Visual Studio 2019
 
Microsoft Visual Studio 2022
 
Gitforwindowsproject Git For Windows
 

Affected Versions

Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8): Microsoft Visual Studio 2022 version 17.1: Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6): Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8): Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10): Microsoft Visual Studio 2022 version 17.0:

Exploit Probability

EPSS
1.20%
Percentile
78.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.