Microsoft Visual Studio Privilege Elevation Vulnerability (2651019) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-021.

Impact

Successful exploitation could allow attacker to execute arbitrary code with elevated privileges. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-021

Insight

The flaw is due to the application loading add-ins from insecure paths. This can be exploited to gain additional privileges by placing malicious add- ins in certain directories and tricking a user into starting Visual Studio.

Affected

Microsoft Visual Studio 2008 SP 1 and prior Microsoft Visual Studio 2010 SP 1 and prior

References

http://secunia.com/advisories/48396
http://support.microsoft.com/kb/2645410
http://support.microsoft.com/kb/2669970
http://technet.microsoft.com/en-us/security/bulletin/ms12-021
http://www.securitytracker.com/id/1026792

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-0008

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft MS00-058 security check
Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2813170)

Take action and discover your vulnerabilities