9.3

CVE-2018-8172

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExpression Blend Version2 Updatesp2
MicrosoftExpression Blend Version3 Updatesp1
MicrosoftExpression Blend Version4 Updatesp3
MicrosoftVisual Studio Version2010 Updatesp1
MicrosoftVisual Studio Version2012 Updateupdate_5
MicrosoftVisual Studio Version2013 Updateupdate_5
MicrosoftVisual Studio Version2015 Updateupdate3
MicrosoftVisual Studio 2017 Version15.7.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 31.02% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/bid/104616
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1041253
Third Party Advisory
Broken Link
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172
Patch
Vendor Advisory