VYPR
← All advisories
High severityNVD Advisory· Published Sep 12, 2023· Updated Oct 30, 2025

Visual Studio Remote Code Execution Vulnerability

CVE-2023-36796

Description

Visual Studio Remote Code Execution Vulnerability

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A vulnerability in Microsoft.DiaSymReader.Native.amd64.dll when processing corrupted PDB files allows remote code execution on Windows systems running affected .NET versions.

The vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file, leading to memory corruption that can be exploited for remote code execution. This issue affects .NET 7.0 and 6.0 on Windows systems [1].

Exploitation requires the attacker to supply a specially crafted PDB file to an application using the affected component. No authentication is needed if the file is provided externally, but the user must open the file [1].

Successful exploitation could allow an attacker to execute arbitrary code in the context of the application. This could lead to full system compromise if the application runs with high privileges [1].

Microsoft has released updates to fix this vulnerability in .NET 7.0.11 and .NET 6.0.22. Users should update their .NET SDKs and runtimes. The same patch also addresses related CVEs (CVE-2023-36792, CVE-2023-36793) [1].

References
  1. Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
Microsoft.NETCore.App.Runtime.win-arm64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.win-arm64NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.win-x64NuGet
>= 7.0.0, < 7.0.117.0.11
Microsoft.NETCore.App.Runtime.win-x64NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.win-x86NuGet
>= 6.0.0, < 6.0.226.0.22
Microsoft.NETCore.App.Runtime.win-x86NuGet
>= 7.0.0, < 7.0.117.0.11

Affected products

28
  • osv-coords5 versions
    pkg:bitnami/dotnetpkg:bitnami/dotnet-sdkpkg:nuget/microsoft.netcore.app.runtime.win-arm64pkg:nuget/microsoft.netcore.app.runtime.win-x64pkg:nuget/microsoft.netcore.app.runtime.win-x86
    >= 6.0.0, < 6.0.1+ 4 more
    • (no CPE)range: >= 6.0.0, < 6.0.1
    • (no CPE)range: >= 6.0.0, < 6.0.1
    • (no CPE)range: >= 7.0.0, < 7.0.11
    • (no CPE)range: >= 7.0.0, < 7.0.11
    • (no CPE)range: >= 6.0.0, < 6.0.22
  • Microsoft/Microsoft .NET Framework 2.0 Service Pack 2v5
    Range: 2.0.0
  • Microsoft/Microsoft .NET Framework 3.0 Service Pack 2v5
    Range: 3.0.0
  • Microsoft/Microsoft .NET Framework 3.5v5
    Range: 3.5.0
  • Microsoft/Microsoft .NET Framework 3.5.1v5
    Range: 3.5.0
  • Microsoft/Microsoft .NET Framework 3.5 and 4.6.2v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2v5
    Range: 3.0.0.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.7.2v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8v5
    Range: 4.8.0
  • Microsoft/Microsoft .NET Framework 3.5 AND 4.8.1v5
    Range: 4.8.1
  • Microsoft/Microsoft .NET Framework 4.6.2v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2v5
    Range: 4.7.0
  • Microsoft/Microsoft .NET Framework 4.8v5
    Range: 4.8.0
  • Microsoft/Microsoft Visual Studio 2013 Update 5v5
    Range: 12.0.0
  • Microsoft/Microsoft Visual Studio 2015 Update 3v5
    Range: 14.0.0
  • Microsoft/Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)v5
    Range: 15.9.0
  • Microsoft/Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)v5
    Range: 16.11.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.2v5
    Range: 17.2.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.4v5
    Range: 17.4.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.6v5
    Range: 17.6.0
  • Microsoft/Microsoft Visual Studio 2022 version 17.7v5
    Range: 17.7.0
  • Microsoft/.NET 6.0v5
    Range: 6.0.0
  • Microsoft/.NET 7.0v5
    Range: 7.0.0
  • Microsoft/PowerShell 7.2v5
    Range: 7.2.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.