CVE-2020-0900

Published: Apr 15, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.

Affected (5)

Products: Microsoft: Visual Studio 2015, Visual Studio 2017, Visual Studio 2019

3 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Visual Studio 2015	Version update_3
Microsoft Visual Studio 2017	Version 15.9
Microsoft Visual Studio 2019	Version 16.0
Microsoft Visual Studio 2019	Version 16.4
Microsoft Visual Studio 2019	Version 16.5.0

References (2)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900

Source: secure@microsoft.com

PatchVendor Advisory

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.