Severity
High
Analysis Summary
CVE-2023-23381 CVSS:8.4
Microsoft Visual Studio Code could allow a local attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-21815 CVSS:8.4
Microsoft Visual Studio could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-23381
- CVE-2023-21815
Affected Vendors
Microsoft
Affected Products
- Microsoft Visual Studio 2017 15.9
- Microsoft Visual Studio 2019 16.11
- Microsoft Visual Studio 2022 17.0
- Microsoft Visual Studio 2022 17.2
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.