Vulnerability Details CVE-2018-8172
A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.19
EPSS Ranking 95.0%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
- http://www.securityfocus.com/bid/104616
- http://www.securitytracker.com/id/1041253
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172
- http://www.securityfocus.com/bid/104616
- http://www.securitytracker.com/id/1041253
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172
Products affected by CVE-2018-8172
-
cpe:2.3:a:microsoft:expression_blend:2
-
cpe:2.3:a:microsoft:expression_blend:3
-
cpe:2.3:a:microsoft:expression_blend:4
-
cpe:2.3:a:microsoft:visual_studio:2010
-
cpe:2.3:a:microsoft:visual_studio:2012
-
cpe:2.3:a:microsoft:visual_studio:2013
-
cpe:2.3:a:microsoft:visual_studio:2015
-
cpe:2.3:a:microsoft:visual_studio_2017:-
-
cpe:2.3:a:microsoft:visual_studio_2017:15.7.5