Multiple vulnerabilities in Microsoft Developer Tools

Beschreibung

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, gain privileges and obtain sensitive information.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
2. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
3. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
4. A memory corruption vulnerability in Scripting Engine can be exploited to execute arbitrary code.
5. A cross-site scripting vulnerability in Team Foundation Server can be exploited remotely via specially crafted website to spoof user interface.
6. A tampering vulnerability in NuGet Package Manager can be exploited to spoof user interface.
7. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to gain privileges.
8. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to obtain sensitive information.

Ursprüngliche Informationshinweise

• CVE-2019-0809

• CVE-2019-0773
• CVE-2019-0771
• CVE-2019-0746
• CVE-2019-0639
• CVE-2019-0777
• CVE-2019-0609
• CVE-2019-0769
• CVE-2019-0757
• CVE-2019-0592
• CVE-2019-0611

CVE Liste

• CVE-2019-0773
  critical
• CVE-2019-0769
  critical
• CVE-2019-0592
  critical
• CVE-2019-0771
  critical
• CVE-2019-0746
  critical
• CVE-2019-0639
  critical
• CVE-2019-0609
  critical
• CVE-2019-0611
  critical
• CVE-2019-0809
  critical
• CVE-2019-0777
  critical
• CVE-2019-0757
  critical

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com