Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability

Bugtraq ID:	104616
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2018-8172
Remote:	Yes
Local:	No
Published:	Jul 10 2018 12:00AM
Updated:	Aug 02 2018 05:00AM
Credit:	Soroush Dalili of NCC Group
Vulnerable:	Microsoft Visual Studio 2017 15.8 Preview Microsoft Visual Studio 2017 15.7.5 Microsoft Visual Studio 2017 0 Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2013 Update 5 Microsoft Visual Studio 2012 Update 5 Microsoft Visual Studio 2010 SP1 Microsoft Expression Blend 4 Service Pack 3 Microsoft Expression Blend 3 Service Pack 1 Microsoft Expression Blend 2 Service Pack 2
Not Vulnerable:

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability

Microsoft Visual Studio is prone to a remote code-execution vulnerability.

An attacker can leverage this issue to execute arbitrary code in the context of the current-user. Failed exploit attempts will likely result in denial of service conditions.

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Microsoft Visual Studio CVE-2018-8172 Remote Code Execution Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2018-8172 | Visual Studio Remote Code Execution Vulnerability (Microsoft)