| ID |
CVE-2012-0008
|
| Summary |
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021
'An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.'
'The vulnerability could not be exploited remotely or by anonymous users.' Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path'
|
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*
|
| CVSS |
| Base: | 6.9 (as of 12-10-2018 - 22:01) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| msbulletin
via4
|
| bulletin_id | MS12-021 | | bulletin_url | | | date | 2012-03-13T00:00:00 | | impact | Elevation of Privilege | | knowledgebase_id | 2651019 | | knowledgebase_url | | | severity | Important | | title | Vulnerability in Visual Studio Could Allow Elevation of Privilege |
|
| oval
via4
|
| accepted | 2014-01-06T04:00:07.092-05:00 | | class | vulnerability | | contributors | | name | Josh Turpin | | organization | Symantec Corporation |
| name | Maria Kedovskaya | | organization | ALTX-SOFT |
| | definition_extensions | | comment | Microsoft Visual Studio 2008 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:6205 |
| comment | Microsoft Visual Studio 2010 is installed | | oval | oval:org.mitre.oval:def:7533 |
| comment | Microsoft Visual Studio 2010 Service Pack 1 is installed | | oval | oval:org.mitre.oval:def:14969 |
| | description | Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability." | | family | windows | | id | oval:org.mitre.oval:def:15081 | | status | accepted | | submitted | 2012-03-13T13:00:00 | | title | Visual Studio Add-In Vulnerability | | version | 11 |
|
| refmap
via4
|
| bid | 52329 | | cert | TA12-073A | | sectrack | 1026792 | | secunia | 48396 | | xf | ms-visual-studio-priv-esc(73537) |
|
| Last major update |
12-10-2018 - 22:01 |
| Published |
13-03-2012 - 21:55 |
| Last modified |
12-10-2018 - 22:01 |
