Attack vector | LOCAL |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Published: 2012-03-13
Updated: 2018-10-12
Summary
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."

Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021 'An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.' 'The vulnerability could not be exploited remotely or by anonymous users.'

Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Part | Description | Count |
Application | Microsoft | 3 |
Msbulletin
bulletin_id | MS12-021 |
bulletin_url | |
date | 2012-03-13T00:00:00 |
impact | Elevation of Privilege |
knowledgebase_id | 2651019 |
knowledgebase_url | |
severity | Important |
title | Vulnerability in Visual Studio Could Allow Elevation of Privilege |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS12-021.NASL |
description | The installed version of Microsoft Visual Studio does not properly validate add-ins in the path before loading them into the application. An attacker can elevate his privileges by placing a specially crafted add-in in the path used by Visual Studio and convincing a user with higher privileges to start Visual Studio. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 58333 |
published | 2012-03-13 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/58333 |
title | MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) |
Oval
accepted | 2014-01-06T04:00:07.092-05:00 |
class | vulnerability |
contributors | Josh Turpin (Symantec Corporation); Maria Kedovskaya (ALTX-SOFT) |
definition_extensions | Microsoft Visual Studio 2008 Service Pack 1 is installed (oval:org.mitre.oval:def:6205); Microsoft Visual Studio 2010 is installed (oval:org.mitre.oval:def:7533); Microsoft Visual Studio 2010 Service Pack 1 is installed (oval:org.mitre.oval:def:14969) |
description | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." |
family | windows |
id | oval:org.mitre.oval:def:15081 |
status | accepted |
submitted | 2012-03-13T13:00:00 |
title | Visual Studio Add-In Vulnerability |
version | 11 |
Seebug
bulletinFamily | exploit |
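description | BUGTRAQ ID: 52329 CVE ID: CVE-2012-0008 Microsoft Visual Studio (VS for short) is a family of development tool products from Microsoft. Microsoft Visual Studio has a vulnerability when loading add-ins from an insecure path: by placing a malicious add-in in certain directories and tricking a user into starting VS, a local attacker can exploit this vulnerability to gain elevated privileges. Microsoft Visual Studio 2010; Microsoft Visual Studio 2008 SP1. Vendor patch: Microsoft has released a security bulletin (MS12-021) and a corresponding patch for this issue: MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) Link: http://www.microsoft.com/technet/security/bulletin/MS12-021.asp |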
id | SSV:30195 |
last seen | 2017-11-19 |
modified | 2012-03-15 |
published | 2012-03-15 |
reporter | Root |
title | Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability (MS12-021) |