Vulnerability in Microsoft Visual Studio
CVE-2020-0900
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations, aka 'Visual Studio Extension Installer Service Elevation of Privilege Vulnerability'.
EPSS: 0.003 (56.0th percentile) — read the EPSS interpretation.
Affected products
- Microsoft Visual Studio — versions 2015 Update 3
- Microsoft Visual Studio 2017 Version 15.9 (Includes 15.1 - 15.8) — versions unspecified
- Microsoft Visual Studio 2019 — versions 16.0
- Microsoft Visual Studio 2019 Version 16.4 (Includes 16.0 - 16.3) — versions unspecified
- Microsoft Visual Studio 2019 Version 16.5 — versions unspecified
References
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0900 (x_refsource_MISC)