Vulnerabilities > Microsoft > Visual Studio > 2010
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-15 | CVE-2019-1079 | Improper Input Validation vulnerability in Microsoft Visual Studio An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'. | 4.3 |
| 2019-01-08 | CVE-2019-0537 | Unspecified vulnerability in Microsoft Visual Studio 2010/2012 An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. network microsoft | 4.3 |
| 2018-07-11 | CVE-2018-8172 | Unspecified vulnerability in Microsoft Expression Blend, Visual Studio and Visual Studio 2017 A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. | 7.8 |
| 2018-04-12 | CVE-2018-1037 | Use of Uninitialized Resource vulnerability in Microsoft Visual Studio and Visual Studio 2017 An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. | 4.3 |
| 2014-05-20 | CVE-2014-3802 | Improper Input Validation vulnerability in Microsoft products msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file. | 6.8 |
| 2012-03-13 | CVE-2012-0008 | Local Privilege Escalation vulnerability in Microsoft Visual Studio 2008/2010 Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021 'An attacker could then place a specially crafted add-in in the path used by Visual Studio. local microsoft | 6.9 |
| 2011-06-16 | CVE-2011-1280 | Information Exposure vulnerability in Microsoft products The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." | 4.3 |
| 2010-08-31 | CVE-2010-3190 | Untrusted Search Path vulnerability in multiple products Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html CWE-426: Untrusted Search Path | 9.3 |