Vulnerabilities > CVE-2019-1077 - Unspecified vulnerability in Microsoft Visual Studio 2017 and Visual Studio 2019
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions, aka 'Visual Studio Elevation of Privilege Vulnerability'.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Nessus
| NASL family | Windows : Microsoft Bulletins |
| NASL id | SMB_NT_MS19_JUL_VISUAL_STUDIO.NASL |
| description | The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration. (CVE-2019-1079) - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-1113) - An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content in the security context of the local system. (CVE-2019-1077) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 126604 |
| published | 2019-07-11 |
| reporter | This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/126604 |
| title | Security Updates for Microsoft Visual Studio Products (July 2019) |