Jul 2024: .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2024-38081 Published on July 9, 2024

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

Github Repository Vendor Advisory NVD

Weakness Type

What is an insecure temporary file Vulnerability?

The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CVE-2024-38081 has been classified to as an insecure temporary file vulnerability or weakness.

Products Associated with CVE-2024-38081

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-38081 are published in these products:

Microsoft Visual Studio 2022

Microsoft Net

Microsoft .NET Framework

Microsoft Visual Studio

Affected Versions

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.21 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.17 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.12 is affected.

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.32 is affected.

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:

Version 4.7.0 and below 4.7.4101.02 is affected.

Microsoft .NET Framework 3.5 AND 4.8.1:

Version 4.8.1 and below 4.8.1.9256.03 is affected.

Microsoft .NET Framework 4.6.2:

Version 4.7.0 and below 4.7.4101.01 is affected.

Microsoft .NET Framework 4.6/4.6.2:

Version 10.0.0.0 and below 10.0.10240.20710 is affected.

Microsoft .NET Framework 2.0 Service Pack 2:

Version 2.0.0 and below 2.0.50727.8977 is affected.

Microsoft .NET Framework 3.0 Service Pack 2:

Version 3.0.0 and below 2.0.50727.8977 is affected.

Microsoft .NET Framework 3.5:

Version 3.5.0 and below 3.5.30729.8972 is affected.

Microsoft .NET Framework 3.5.1:

Version 3.5.0 and below 3.5.30729.8971 is affected.

Microsoft .NET Framework 4.8:

Version 4.8.0 and below 4.8.04739.02 is affected.

Microsoft .NET Framework 3.5 AND 4.8:

Version 4.8.0 and below 4.8.4739.04 is affected.

Microsoft .NET Framework 3.5 AND 4.7.2:

Version 4.7.0 and below 4.7.2.4101.03 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-38081

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	Microsoft.IO.Redist	>= 4.6.0-preview.18571.3, <= 6.0.0	6.0.1

Exploit Probability

EPSS

0.80%

Percentile

73.71%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.