Severity
High
Analysis Summary
CVE-2023-24893 CVSS:7.8
Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-28299 CVSS:5.5
Microsoft Visual Studio could allow a local authenticated attacker to conduct spoofing attacks.
CVE-2023-28262 CVSS:7.8
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain administrative privileges.
CVE-2023-28263 CVSS:5.5
Microsoft Visual Studio could allow a local authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to cross the kernel security boundary, obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-28296 CVSS:8.4
Microsoft Visual Studio could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-24893
- CVE-2023-28299
- CVE-2023-28262
- CVE-2023-28263
- CVE-2023-28296
Affected Vendors
Microsoft
Affected Products
- Microsoft Visual Studio Code
- Microsoft Visual Studio 2022 17.4
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.