PT-2023-3115 · Microsoft+1 · Visual Studio+3

Published

2023-06-13

·

Updated

2024-12-13

·

CVE-2023-24895

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions .NET Framework versions (affected versions not specified) .NET versions (affected versions not specified) Visual Studio versions (affected versions not specified)
Description The issue is related to insufficient input validation in the software platforms. It may allow an attacker to execute arbitrary code using a specially crafted file. This could potentially affect the system.
Recommendations For .NET Framework, update to a version that includes the fix for this issue. For .NET, apply the necessary security patches to prevent exploitation. For Visual Studio, consider restricting the use of potentially vulnerable components until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2023-4590
ALT-PU-2023-4591
ALT-PU-2023-4592
ALT-PU-2023-4593
ALT-PU-2023-4594
ALT-PU-2023-4595
ALT-PU-2023-4610
ALT-PU-2023-4611
ALT-PU-2024-16792
ALT-PU-2024-16794
ALT-PU-2024-16796
ALT-PU-2024-16939
BDU:2023-03210
BIT-DOTNET-2023-24895
BIT-DOTNET-SDK-2023-24895
CVE-2023-24895
GHSA-JH2H-QCRW-GHG7

Affected Products

.Net Framework
Alt Linux
Net
Visual Studio