CVE-2019-1079

Published: Jul 15, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.

Affected (4)

Products: Microsoft: Visual Studio

Microsoft

1 product

Visual Studio

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Visual Studio	Version 2010 sp1
Microsoft Visual Studio	Version 2012 update_5
Microsoft Visual Studio	Version 2013 update_5
Microsoft Visual Studio	Version 2015 update_3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.