Microsoft .NET Framework & Visual Studio RCE via CVE-2024-21409
CVE-2024-21409 Published on April 9, 2024

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2024-21409 has been classified to as a Dangling pointer vulnerability or weakness.

Products Associated with CVE-2024-21409

Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.

Microsoft Powershell

Microsoft Net

Microsoft Visual Studio 2022

Affected Versions

Microsoft Visual Studio 2022 version 17.9:

Version 17.0 and below 17.9.6 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.18 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.14 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.9 is affected.

Microsoft PowerShell 7.3:

Version 7.3.0 and below 7.3.12 is affected.

Microsoft PowerShell 7.4:

Version 7.4.0 and below 7.4.2 is affected.

Microsoft PowerShell 7.2:

Version 7.2.0 and below 7.2.19 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.29 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.18 is affected.

Microsoft .NET 8.0:

Version 8.0 and below 8.0.4 is affected.

Microsoft .NET Framework 4.8:

Version 4.8.0 and below 4.8.4718.0 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

Version 4.8.0 and below 4.8.4718.0 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

Version 4.7.0 and below 4.7.4092.0 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

Version 4.7.0 and below 4.7.4092.0 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

Version 4.8.1 and below 4.8.9236.0 is affected.

Microsoft .NET Framework 4.6.2:

Version 4.7.0 and below 4.7.4092.0 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-21409

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x64	>= 8.0.0, <= 8.0.3	8.0.4
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x86	<= 6.0.28	6.0.29
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x86	>= 8.0.0, <= 8.0.3	8.0.4
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x86	>= 7.0.0, <= 7.0.17	7.0.18
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x64	>= 7.0.0, <= 7.0.17	7.0.18
nuget	Microsoft.WindowsDesktop.App.Runtime.win-x64	<= 6.0.28	6.0.29
nuget	Microsoft.WindowsDesktop.App.Runtime.win-arm64	>= 7.0.0, <= 7.0.17	7.0.18
nuget	Microsoft.WindowsDesktop.App.Runtime.win-arm64	>= 8.0.0, <= 8.0.3	8.0.4
nuget	Microsoft.WindowsDesktop.App.Runtime.win-arm64	<= 6.0.28	6.0.29

Exploit Probability

EPSS

54.70%

Percentile

98.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.