.NET and Visual Studio Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in .NET and Microsoft Visual Studio. This issue arises from a heap-based buffer overflow, which is triggered by an integer overflow in the 'msdia140.dll' file. The vulnerability affects multiple versions of the .NET runtime and several releases of Visual Studio. Exploitation requires convincing a user to open a maliciously crafted package file in Visual Studio.

Impact

Exploitation of this vulnerability allows for remote code execution.

Remediation

Users can upgrade to .NET Runtime versions 8.0.12 or 9.0.1. For Visual Studio, users should install the latest security update available for their version. Visual Studio 2015 Update 3 users can download the security update from the Microsoft Update Catalog.
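A check for the runtime part of this remediation, as an added example that is not part of the original advisory: it parses `dotnet --list-runtimes` output and compares every installed copy of the .NET Runtime against the fixed versions named above, since several runtime versions can be installed side by side. The sample listing is constructed, and treating `Microsoft.NETCore.App` as the framework to check is an assumption.

```python
import re

# Fixed .NET Runtime versions named in the Remediation section, keyed by release line.
FIXED = {(8, 0): (8, 0, 12), (9, 0): (9, 0, 1)}

# One line of `dotnet --list-runtimes`: "<framework> <version> [<install dir>]"
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+)(-\S+)?\s+\[(.*)\]\s*$")

# Constructed sample output (not taken from a real host).
SAMPLE = """\
Microsoft.NETCore.App 6.0.36 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.AspNetCore.App 8.0.11 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.0-rc.2.24473.5 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.1 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

def classify(version, prerelease=False):
    """Return 'fixed', 'needs-update' or 'unknown' for a (major, minor, patch) tuple."""
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unknown"  # release line not mentioned in the advisory
    # A pre-release build sorts below the release carrying the same numbers.
    if version < fixed or (version == fixed and prerelease):
        return "needs-update"
    return "fixed"

def audit(listing, framework="Microsoft.NETCore.App"):
    """Classify every installed copy of `framework` (assumed name) in the listing."""
    results = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) != framework:
            continue  # skip other frameworks and unparseable lines
        version = tuple(int(m.group(i)) for i in (2, 3, 4))
        text = ".".join(map(str, version)) + (m.group(5) or "")
        results.append((text, classify(version, bool(m.group(5))), m.group(6)))
    return results

if __name__ == "__main__":
    for text, status, path in audit(SAMPLE):
        print(f"{status:13} {text:22} {path}")
```

Release lines the advisory does not name (6.0 in the sample) are reported as `unknown` rather than guessed at.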

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.