Microsoft .NET/Visual Studio Elevation of Privilege
CVE-2023-24936 Published on June 14, 2023

Products Associated with CVE-2023-24936

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-24936 are published in these products:

Affected Versions

Microsoft Visual Studio 2022 version 17.2:

• Version 17.2.0 and below 17.2.16 is affected.

Microsoft Visual Studio 2022 version 17.0:

• Version 17.0.0 and below 17.0.22 is affected.

Microsoft Visual Studio 2022 version 17.4:

• Version 17.4.0 and below 17.4.8 is affected.

Microsoft .NET 6.0:

• Version 6.0.0 and below 6.0.18 is affected.

Microsoft .NET 7.0:

• Version 7.0.0 and below 7.0.7 is affected.

Microsoft Visual Studio 2022 version 17.6:

• Version 17.6.0 and below 17.6.3 is affected.

Microsoft PowerShell 7.2:

• Version 7.2.0 and below 7.2.12 is affected.

Microsoft PowerShell 7.3:

• Version 7.3.0 and below 7.3.5 is affected.

Microsoft .NET Framework 4.8:

• Version 4.8.0 and below 4.8.4644.0 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

• Version 4.8.0 and below 4.8.4644.0 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

• Version 4.7.0 and below 4.7.4050.0 is affected.

Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2:

• Version 3.0.0.0 and below 10.0.14393.5989 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

• Version 4.7.0 and below 4.7.04043.0 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

• Version 4.8.1 and below 4.8.9166.0 is affected.

Microsoft .NET Framework 4.6.2:

• Version 4.7.0 and below 4.7.04043.0 is affected.

Microsoft .NET Framework 3.5 and 4.6.2:

• Version 4.7.0 and below 10.0.10240.19983 is affected.

Microsoft .NET Framework 2.0 Service Pack 2:

• Version 2.0.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.

Microsoft .NET Framework 3.0 Service Pack 2:

• Version 3.0.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.

Microsoft .NET Framework 3.5.1:

• Version 3.5.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.

Microsoft .NET Framework 3.5:

• Version 3.5.0 and below 3.0.6920.8954; 2.0.50727.8970 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-24936

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.linux-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 6.0.0, <= 6.0.16	6.0.18
nuget	Microsoft.NetCore.App.Runtime.win-x86	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.win-arm	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.osx-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.osx-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-x64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-musl-arm	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm64	>= 7.0.0, <= 7.0.5	7.0.7
nuget	Microsoft.NetCore.App.Runtime.linux-arm	>= 7.0.0, <= 7.0.5	7.0.7

Exploit Probability