Vulnerability Name: | CCN-220682 | ||||||
Published: | 2022-03-01 | ||||||
Updated: | 2022-03-01 | ||||||
Summary: | Microsoft Visual Studio is vulnerable to a denial of service, caused by a flaw in the installer. By creating a specially-crafted symbolic link, a local authenticated attacker could exploit this vulnerability to write a file to cause a denial of service condition on the system. | ||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H) 4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:U/RC:R)
| ||||||
CVSS v2 Severity: | 4.5 Medium (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:N/I:P/A:C)
| ||||||
Vulnerability Consequences: | Denial of Service | ||||||
References: | Source: XF Type: UNKNOWN ms-visual-linkfollowing03-dos(220682) Source: CCN Type: Microsoft Web site Visual Studio Source: CCN Type: ZDI-22-428 (0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |