.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in .NET, .NET Framework, and Microsoft Visual Studio. This issue arises from a buffer over-read in the .NET runtime, specifically in the 'DiaSymReader.dll' file. The vulnerability allows an attacker to execute arbitrary code by convincing a user to open a maliciously crafted package file in Visual Studio. The affected .NET Framework versions include 4.6/4.6.2, 4.7, 4.7.1, 4.7.2, and 4.8.1, as well as .NET 6.0.0 prior to 6.0.36, .NET 8.0.0 prior to 8.0.11, and .NET 9.0.0.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, a user must open a crafted package file in Microsoft Visual Studio. The file must be designed to exploit the buffer over-read vulnerability in 'DiaSymReader.dll', which is part of the .NET runtime.

Remediation

Users can upgrade to .NET Runtime versions 8.0.12 or 9.0.1. For Visual Studio users, those running Visual Studio 2015 Update 3 should install the latest security update. Customers can also leverage HeroDevs' Never-Ending Support for post-EOL security updates.
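As an added example (not code from the advisory, HeroDevs, or Microsoft), the following Python check flags installed .NET runtimes whose version falls in the affected ranges stated above. It assumes the line format printed by `dotnet --list-runtimes` and uses a constructed sample listing; versions the advisory does not name are reported as not affected, which is not the same as safe.

```python
import re
from typing import List, Tuple

# Affected ranges as stated in the advisory: inclusive start, exclusive end.
# 9.0.0 is listed as affected on its own; the remediation names 9.0.1 as the fix.
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 36)),
    ((8, 0, 0), (8, 0, 11)),
    ((9, 0, 0), (9, 0, 1)),
]

# Assumed line format of `dotnet --list-runtimes`:
#   <runtime name> <version>[-prerelease] [<install path>]
_LINE_RE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+)(\S*)\s+\[")

# Constructed sample output, not captured from a real machine.
SAMPLE_LISTING = """\
Microsoft.NETCore.App 6.0.33 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.10 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 9.0.0 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""


def is_affected(version: str) -> bool:
    """True if the numeric major.minor.patch lies in an affected range.

    Assumption: a prerelease suffix (e.g. '-rc.1') is ignored for the comparison.
    """
    major, minor, patch = (int(p) for p in version.split("-", 1)[0].split(".")[:3])
    triple = (major, minor, patch)
    return any(lo <= triple < hi for lo, hi in AFFECTED_RANGES)


def scan_runtimes(listing: str) -> List[Tuple[str, str, bool]]:
    """Return (runtime name, version text, affected) for each parseable line."""
    results = []
    for line in listing.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        name, major, minor, patch, suffix = m.groups()
        version_text = f"{major}.{minor}.{patch}{suffix}"
        results.append((name, version_text, is_affected(version_text)))
    return results


if __name__ == "__main__":
    for name, version, affected in scan_runtimes(SAMPLE_LISTING):
        print(f"{name} {version}: {'AFFECTED' if affected else 'not in affected range'}")
```

To check a real host, pass the captured output of `dotnet --list-runtimes` to `scan_runtimes` instead of the constructed sample.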

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 10.0
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.