Vulnerabilities > CVE-2019-0728 - Unspecified vulnerability in Microsoft Visual Studio Code
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows |
| NASL id | SMB_NT_MS19_FEB_VISUAL_STUDIO_CODE.NASL |
| description | The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.31.1. It is, therefore, affected by a remote code execution vulnerability that exists due to how environment variables are processed. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. |
| last seen | 2020-05-16 |
| modified | 2019-02-15 |
| plugin id | 122255 |
| published | 2019-02-15 |
| reporter | This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/122255 |
| title | Security Update for Microsoft Visual Studio Code (February 2019) |
References
- http://seclists.org/fulldisclosure/2019/Apr/38
- http://seclists.org/fulldisclosure/2019/Apr/38
- http://www.openwall.com/lists/oss-security/2019/04/30/4
- http://www.openwall.com/lists/oss-security/2019/04/30/4
- http://www.securityfocus.com/bid/106913
- http://www.securityfocus.com/bid/106913
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0728
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0728