<< Back
CVE Number Vulnerability Product Severity Date
MS12-021 Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) Microsoft Visual Important 14-03-2012

Technical Information

Brief overview of the risk:
The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Detailed Information on the risk:

An elevation of privilege vulnerability exists in Visual Studio due to the insecure loading of add-ins from within Visual Studio. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Further information on this exploit is available at : MS12-021

Affected Software

Microsoft Visual Studio 2008 Service Pack 1 (KB2669970)
Microsoft Visual Studio 2010 (KB2644980)
Microsoft Visual Studio 2010 Service Pack 1 (KB2645410)