What is CVE-2020-1393?

CVE-2020-1393 is a vulnerability in Microsoft Visual Studio. Published 2020-07-14.

Is CVE-2020-1393 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Visual Studio

CVE-2020-1393

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privile…

EPSS: 0.003 (52.3th percentile) — read the EPSS interpretation.

Affected products

Microsoft Visual Studio — versions 2015 Update 3
Microsoft Visual Studio 2017 Version 15.9 (Includes 15.0 - 15.8) — versions unspecified
Microsoft Visual Studio 2019 — versions 16.0
Microsoft Visual Studio 2019 Version 16.4 (Includes 16.0 - 16.3) — versions unspecified
Microsoft Visual Studio 2019 Version 16.6 (Includes 16.0 - 16.5) — versions unspecified
Microsoft Windows — versions 10 Version 1803 for 32-bit Systems, 10 Version 1803 for x64-based Systems, 10 Version 1803 for ARM64-based Systems
Microsoft Windows 10 Version 1903 For 32-bit Systems — versions unspecified
Microsoft Windows 10 Version 1903 For Arm64-based Systems — versions unspecified
Microsoft Windows 10 Version 1903 For X64-based Systems — versions unspecified
Microsoft Windows 10 Version 1909 For 32-bit Systems — versions unspecified

Public proof-of-concept exploits

ExpLangcn/FuYao-Go

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1393 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-1393?: CVE-2020-1393 is a vulnerability in Microsoft Visual Studio. Published 2020-07-14.
Is CVE-2020-1393 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.