threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft visual studio
Product
microsoft visual studio
56 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-49739
all versions
Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privile
8.8
HIGH
CVE-2024-43603
all versions
Visual Studio Collector Service Denial of Service Vulnerability
5.5
MEDIUM
CVE-2024-20656
all versions
Visual Studio Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2023-24897
all versions
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-33139
all versions
Visual Studio Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-35827
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35826
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35825
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2022-35777
all versions
Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2021-42277
all versions
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
5.5
MEDIUM
CVE-2021-28322
all versions
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2021-28321
all versions
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2021-28313
all versions
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2021-1680
all versions
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2021-1651
all versions
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2020-1133
all versions
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations.
5.5
MEDIUM
CVE-2020-1130
all versions
<p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations.
6.6
MEDIUM
CVE-2020-16874
all versions
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who suc
7.8
HIGH
CVE-2020-16856
all versions
<p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who suc
7.8
HIGH
CVE-2020-1393
all versions
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanit
7.8
HIGH
CVE-2020-1293
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operati
7.8
HIGH
CVE-2020-1278
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operati
7.8
HIGH
CVE-2020-1257
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operati
7.8
HIGH
CVE-2020-1203
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector
7.8
HIGH
CVE-2020-1202
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector
7.8
HIGH
CVE-2019-1232
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain
7.8
HIGH
CVE-2019-1079
all versions
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visu
6.5
MEDIUM
CVE-2019-0727
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector
7.8
HIGH
CVE-2019-0537
all versions
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens
5.5
MEDIUM
CVE-2018-8599
all versions
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain
7.8
HIGH
CVE-2018-8172
all versions
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a fil
7.8
HIGH
CVE-2018-1037
all versions
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory wh
4.3
MEDIUM
CVE-2014-3802
<= 2012
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly
CVE-2012-0008
all versions
Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges
CVE-2011-1976
all versions
Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 S
CVE-2011-1280
all versions
The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Manageme
CVE-2010-3190
all versions
Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visu
7.8
HIGH
CVE-2009-3126
all versions
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Micros
CVE-2009-2528
all versions
GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote atta
CVE-2009-2504
all versions
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Window
CVE-2009-2503
all versions
GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 M
CVE-2009-2502
all versions
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microso
8.1
HIGH
CVE-2009-2501
all versions
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2
CVE-2009-2500
all versions
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Micros
CVE-2009-2495
all versions
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visu
6.5
MEDIUM
CVE-2009-2493
all versions
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visu
8.8
HIGH
CVE-2009-0901
all versions
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2
8.8
HIGH
CVE-2008-3704
all versions
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.
CVE-2007-4891
all versions
A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess
CVE-2007-4890
all versions
Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in
CVE-2007-4254
all versions
Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for
CVE-2007-0468
all versions
Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted
CVE-2006-4494
all versions
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrar
CVE-2006-1043
all versions
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to exe
CVE-2001-0153
all versions
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execu
CVE-2000-0162
all versions
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java ap
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin