Severity: : High
  CVE Kennungen: : CVE-2012-0008
  Advisory Date: 14 de марта de 2012

  DESCRIPTION

(MS12-021) Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)

This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.

  SOLUTION

  AFFECTED SOFTWARE AND VERSION:

  • Microsoft Visual Studio 2008 Service Pack 1 (KB2669970)
  • Microsoft Visual Studio 2010 (KB2644980)
  • Microsoft Visual Studio 2010 Service Pack 1 (KB2645410)