QID 91810

QID 91810: Microsoft Visual Studio 2017 Security Update for July 2018

Microsoft has released a security update for Visual Studio which resolves multiple vulnerabilities.

Affected Software:
Microsoft Visual Studio 2017 version 15.7.5
Microsoft Visual Studio 2017

QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of devenv.exe.

Successful exploitation of the vulnerabilities will lead to Remote Code Execution. The vulnerabilities can also allow an attacker to add code to an application, which modifies data in an unintended manner.

CVSS V3 rated as High - 7.8 severity.

CVSS V2 rated as Critical - 9.3 severity.

Solution

For more information, Customers are advised to refer the Security Update Guide.

Vendor References

CVE-2018-8172 - msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8172
CVE-2018-8232 - msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8232

CVEs related to QID 91810

CVE-2018-8232 | CVE-2018-8172 |

Software Advisories

Advisory ID	Software	Component	Link
CVE-2018-8172	Windows		msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8172
CVE-2018-8232	Windows		msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2018-8232

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].