cvelistv5 - CVE-2012-0008

CVE-2012-0008 (GCVE-0-2012-0008)

Vulnerability from cvelistv5

Published

2012-03-13 21:00

Modified

2024-08-06 18:09

Severity ?

CWE

Summary

Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."

References

URL

Tags

secure@microsoft.com	http://secunia.com/advisories/48396
secure@microsoft.com	http://www.securityfocus.com/bid/52329
secure@microsoft.com	http://www.securitytracker.com/id?1026792
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-073A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/73537
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48396
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52329
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026792
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-073A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/73537
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:17.136Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48396",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48396"
          },
          {
            "name": "MS12-021",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
          },
          {
            "name": "ms-visual-studio-priv-esc(73537)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
          },
          {
            "name": "52329",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/52329"
          },
          {
            "name": "TA12-073A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:15081",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
          },
          {
            "name": "1026792",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026792"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "48396",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48396"
        },
        {
          "name": "MS12-021",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
        },
        {
          "name": "ms-visual-studio-priv-esc(73537)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
        },
        {
          "name": "52329",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/52329"
        },
        {
          "name": "TA12-073A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:15081",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
        },
        {
          "name": "1026792",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026792"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0008",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48396",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48396"
            },
            {
              "name": "MS12-021",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
            },
            {
              "name": "ms-visual-studio-priv-esc(73537)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
            },
            {
              "name": "52329",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/52329"
            },
            {
              "name": "TA12-073A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:15081",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
            },
            {
              "name": "1026792",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026792"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2012-0008",
    "datePublished": "2012-03-13T21:00:00",
    "dateReserved": "2011-11-09T00:00:00",
    "dateUpdated": "2024-08-06T18:09:17.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0008\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2012-03-13T21:55:01.277\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \\\"Visual Studio Add-In Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de ruta de b\u00fasqueda no confiable en Microsoft Visual Studio 2008 SP1, 2010, y 2010 SP1 permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya en un directorio especificado, tambi\u00e9n conocido como Visual Studio Add-In Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DD0F743-9881-4934-944A-982F994FC595\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/48396\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/52329\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securitytracker.com/id?1026792\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-073A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73537\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/48396\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/52329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1026792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-073A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/73537\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/426.html\\r\\n\\r\\n\u0027CWE-426: Untrusted Search Path\u0027\\r\\n\",\"evaluatorImpact\":\"Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021\\r\\n\\r\\n\u0027An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.\u0027\\r\\n\\r\\n\u0027The vulnerability could not be exploited remotely or by anonymous users.\u0027\"}}"
  }
}

fkie_cve-2012-0008

Vulnerability from fkie_nvd

Published

2012-03-13 21:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/48396
secure@microsoft.com	http://www.securityfocus.com/bid/52329
secure@microsoft.com	http://www.securitytracker.com/id?1026792
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA12-073A.html	US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/73537
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/48396
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/52329
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1026792
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA12-073A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/73537
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081

Impacted products

Vendor	Product	Version
microsoft	visual_studio	2008
microsoft	visual_studio	2010
microsoft	visual_studio	2010

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AB2C8C4-7E86-4736-9CE4-2E65E4EDBF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
              "matchCriteriaId": "7613B7D7-CF12-4D8D-AEE1-6274C1D7BEF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4DD0F743-9881-4934-944A-982F994FC595",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en Microsoft Visual Studio 2008 SP1, 2010, y 2010 SP1 permite a usuarios locales conseguir privilegios a trav\u00e9s de un caballo de Troya en un directorio especificado, tambi\u00e9n conocido como Visual Studio Add-In Vulnerability.\""
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027\r\n",
  "evaluatorImpact": "Per: http://technet.microsoft.com/en-us/security/bulletin/ms12-021\r\n\r\n\u0027An attacker could then place a specially crafted add-in in the path used by Visual Studio. When Visual Studio is started by an administrator, the specially crafted add-in would be loaded with the same privileges as the administrator.\u0027\r\n\r\n\u0027The vulnerability could not be exploited remotely or by anonymous users.\u0027",
  "id": "CVE-2012-0008",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-13T21:55:01.277",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://secunia.com/advisories/48396"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/52329"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securitytracker.com/id?1026792"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48396"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026792"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-q9c6-m9p3-3gc7

Vulnerability from github

Published

2022-05-04 00:27

Modified

2022-05-04 00:27

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0008"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-03-13T21:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\"",
  "id": "GHSA-q9c6-m9p3-3gc7",
  "modified": "2022-05-04T00:27:41Z",
  "published": "2022-05-04T00:27:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0008"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/48396"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/52329"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1026792"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2012-0008

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-0008

Aliases

CVE-2012-0008

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0008",
    "description": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\"",
    "id": "GSD-2012-0008"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0008"
      ],
      "details": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\"",
      "id": "GSD-2012-0008",
      "modified": "2023-12-13T01:20:14.040927Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-0008",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "48396",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/48396"
          },
          {
            "name": "MS12-021",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
          },
          {
            "name": "ms-visual-studio-priv-esc(73537)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
          },
          {
            "name": "52329",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/52329"
          },
          {
            "name": "TA12-073A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:15081",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
          },
          {
            "name": "1026792",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1026792"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2008:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-0008"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA12-073A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:15081",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
            },
            {
              "name": "ms-visual-studio-priv-esc(73537)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
            },
            {
              "name": "1026792",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1026792"
            },
            {
              "name": "52329",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/52329"
            },
            {
              "name": "48396",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/48396"
            },
            {
              "name": "MS12-021",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T22:01Z",
      "publishedDate": "2012-03-13T21:55Z"
    }
  }
}

CERTA-2012-AVI-139

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Visual Studio, qui permet une élévation de privilèges.

Description

Une vulnérabilité a été corrigée dans Visual Studio. Un attaquant qui placerait un complément (Plug-in) spécialement conçu dans le chemin prévu par Visual Studio pourrait obtenir l'éxécution de code avec des privilèges d'administrateur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Visual Studio 2010 ;
Microsoft	N/A	Microsoft Visual Studio 2010 SP1.
Microsoft	N/A	Microsoft Visual Studio 2008 SP1 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-0008 (GCVE-0-2012-0008)

Vulnerability from cvelistv5

fkie_cve-2012-0008

Vulnerability from fkie_nvd

ghsa-q9c6-m9p3-3gc7

Vulnerability from github

gsd-2012-0008

Vulnerability from gsd

CERTA-2012-AVI-139

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature