KLA11618
Multiple vulnerabilities in Microsoft Developer Tools

Обновлено: 03/06/2020

Дата обнаружения	10/12/2019
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: A remote code execution vulnerability in Git for Visual Studio can be exploited remotely to execute arbitrary code. A tampering vulnerability in Git for Visual Studio can be exploited remotely via specially crafted path to spoof user interface. A spoofing vulnerability in Visual Studio Live Share can be exploited remotely to spoof user interface.
Пораженные продукты	Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8) Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2017 version 15.0 Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Microsoft Visual Studio Live Share extension
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2019-1352 CVE-2019-1351 CVE-2019-1387 CVE-2019-1350 CVE-2019-1354 CVE-2019-1486 CVE-2019-1349
Оказываемое влияние ?	ACE [?] SUI [?]
Связанные продукты	Microsoft Visual Studio
CVE-IDS	CVE-2019-13529.3Critical CVE-2019-13515.0Critical CVE-2019-13876.8High CVE-2019-13509.3Critical CVE-2019-13549.3Critical CVE-2019-14865.8High CVE-2019-13499.3Critical

KLA11618Multiple vulnerabilities in Microsoft Developer Tools

KLA11618
Multiple vulnerabilities in Microsoft Developer Tools