Kaspersky ID:
KLA50317
Дата обнаружения:
13/06/2023
Обновлено:
25/01/2024

Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Out of bounds memory access vulnerability in Git can be exploited to cause denial of service and gain privileges.
  2. Remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in Visual Studio can be exploited remotely to obtain sensitive information.
  4. An elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Autodesk® FBX® SDK 2020 can be exploited remotely to execute arbitrary code.
  6. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in .NET and Visual Studio can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in .NET and Visual Studio can be exploited remotely to execute arbitrary code.
  10. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
  11. A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary code.
  12. A spoofing vulnerability in Visual Studio Code can be exploited remotely to spoof user interface.
  13. Stack buffer overflow vulnerability in Autodesk® FBX® can be exploited remotely to obtain sensitive information.
  14. A remote code execution vulnerability in NuGet Client can be exploited remotely to execute arbitrary code.
  15. A denial of service vulnerability in Yet Another Reverse Proxy (YARP) can be exploited remotely to cause denial of service.
  16. A denial of service vulnerability in Sysinternals Process Monitor for Windows can be exploited remotely to cause denial of service.
  17. A denial of service vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to cause denial of service.
  18. Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 can be exploited remotely to execute arbitrary code.

Первичный источник обнаружения

Эксплуатация

Public exploits exist for this vulnerability.

Связанные продукты

Список CVE

  • CVE-2023-25815
    warning
  • CVE-2023-29007
    critical
  • CVE-2023-25652
    critical
  • CVE-2023-29012
    critical
  • CVE-2023-29011
    critical
  • CVE-2023-33139
    high
  • CVE-2023-24936
    critical
  • CVE-2023-27909
    critical
  • CVE-2023-32030
    critical
  • CVE-2023-32032
    high
  • CVE-2023-24895
    critical
  • CVE-2023-24897
    critical
  • CVE-2023-33126
    high
  • CVE-2023-21565
    high
  • CVE-2023-29326
    critical
  • CVE-2023-33144
    high
  • CVE-2023-33135
    high
  • CVE-2023-27910
    critical
  • CVE-2023-29337
    high
  • CVE-2023-33141
    critical
  • CVE-2023-29353
    high
  • CVE-2023-29331
    critical
  • CVE-2023-27911
    critical
  • CVE-2023-33128
    high
  • CVE-2023-21569
    high

Список KB

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Kaspersky IT Security Calculator:
Оцените ваш профиль кибербезопасности
Узнать больше
Встречай новый Kaspersky!
Каждая минута твоей онлайн-жизни заслуживает топовой защиты.
Узнать больше
Confirm changes?
Your message has been sent successfully.