(MS12-021) Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2012-0008
Date du conseil: 14 mars 2012
Description
(MS12-021) Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Solutions
Affected software and version:
- Microsoft Visual Studio 2008 Service Pack 1 (KB2669970)
- Microsoft Visual Studio 2010 (KB2644980)
- Microsoft Visual Studio 2010 Service Pack 1 (KB2645410)