How severe is CVE-2020-16874?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2020-16874 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Microsoft Visual Studio 2012 Update 5

CVE-2020-16874

<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the cur…

EPSS: 0.122 (94.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C.

Affected products

Microsoft Visual Studio 2012 Update 5 — versions 11.0.0
Microsoft Visual Studio 2013 Update 5 — versions 12.0.0
Microsoft Visual Studio 2015 Update 3 — versions 14.0.0
Microsoft Visual Studio 2017 Version 15.9 (Includes 15.0 - 15.8) — versions 15.9.0
Microsoft Visual Studio 2019 Version 16.0 — versions 16.0
Microsoft Visual Studio 2019 Version 16.4 (Includes 16.0 - 16.3) — versions 16.0
Microsoft Visual Studio 2019 Version 16.7 (Includes 16.0 – 16.6) — versions 16.0.0

Public proof-of-concept exploits

References

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16874 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-16874?: CVE-2020-16874 is a high-severity vulnerability in Microsoft Visual Studio 2012 Update 5. CVSS score: 7.8/10. Published 2020-09-11.
How severe is CVE-2020-16874?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2020-16874 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.