Microsoft Visual Studio Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in multiple versions of Microsoft Visual Studio, including Visual Studio 2015 Update 3, Visual Studio 2019 version 16.11, and Visual Studio 2022 versions 17.6, 17.8, 17.10, and 17.12. The vulnerability arises from a heap-based buffer overflow and an out-of-bounds read, which allow an attacker to execute arbitrary code by convincing a user to open a maliciously crafted package file in Visual Studio.

Impact

Exploitation of this vulnerability allows for remote code execution.

Remediation

Users can update to the latest release of Visual Studio 2015 Update 3, Visual Studio 2019 version 16.11, or Visual Studio 2022 version 17.6, 17.8, 17.10, or 17.12. Instructions for downloading these updates are available on the Microsoft Visual Studio website.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.