Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability

Bugtraq ID:	52329
Class:	Unknown
CVE:	CVE-2012-0008
Remote:	No
Local:	Yes
Published:	Mar 13 2012 12:00AM
Updated:	Mar 13 2012 12:00AM
Credit:	Laplinker
Vulnerable:	Microsoft Visual Studio 2010 SP1 Microsoft Visual Studio 2010 0 Microsoft Visual Studio 2008 SP1
Not Vulnerable:

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability

Microsoft Visual Studio is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will result in the complete compromise of affected computers.

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability

Currently we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability

Solution:
Vendor updates are available. Please see the reference advisory for more information.


Microsoft Visual Studio 2010 SP1

• Microsoft Security Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2645410)
  http://www.microsoft.com/downloads/details.aspx?familyid=e2aaec35-b2c0 -48f0-8a51-34e44f6d12fb

Microsoft Visual Studio Add-In Local Privilege Escalation Vulnerability

References:

• Microsoft Homepage (Microsoft)
  
• Microsoft Security Bulletin MS12-021 (Microsoft)