CVE-2020-16856
Visual Studio Remote Code Execution Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted file with an affected version of Visual Studio.
The update addresses the vulnerability by correcting how Visual Studio handles objects in memory.
A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, also known as "Visual Studio Remote Code Execution Vulnerability". This CVE ID is different from CVE-2020-16874.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the dxtex module. Crafted data in a DDS file can trigger an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current user.
Timeline
- 2020-08-04 CVE Reserved
- 2020-09-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-06 EPSS Updated
References (1)
URL | Date | SRC |
---|---|---|
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16856 | 2023-12-31 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Visual Studio | 2012 | update_5 | Affected |
Microsoft | Visual Studio | 2013 | update_5 | Affected |
Microsoft | Visual Studio | 2015 | update_3 | Affected |
Microsoft | Visual Studio 2017 | >= 15.0 <= 15.8 | - | Affected |
Microsoft | Visual Studio 2019 | >= 16.0 <= 16.3 | - | Affected |
Microsoft | Visual Studio 2019 | >= 16.5 <= 16.6 | - | Affected |