Visual Studio
by Microsoft
CVEs (157)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | | High | 0.65 | 7.5 | 1.00 | KEV | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2009-2493 | | High | 0.61 | 8.8 | 0.43 | | Jul 29, 2009 | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2;… |
| CVE-2009-0901 | | High | 0.61 | 8.8 | 0.42 | | Jul 29, 2009 | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does… |
| CVE-2026-41109 | | High | 0.57 | 8.8 | 0.01 | | May 12, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2018-0952 | | High | 0.54 | 7.8 | 0.06 | | Aug 15, 2018 | An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual… |
| CVE-2009-2502 | | High | 0.54 | 8.1 | 0.22 | | Oct 14, 2009 | Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003… |
| CVE-2018-8172 | | High | 0.53 | 7.8 | 0.31 | | Jul 11, 2018 | A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4. |
| CVE-2018-8232 | | High | 0.51 | 7.8 | 0.01 | | Jul 11, 2018 | A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio. |
| CVE-2010-3190 | | High | 0.51 | 7.8 | 0.09 | | Aug 31, 2010 | Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local… |
| CVE-2022-29145 | | High | 0.49 | 7.5 | 0.05 | | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-29117 | | High | 0.49 | 7.5 | 0.05 | | May 10, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2022-24464 | | High | 0.49 | 7.5 | 0.03 | | Mar 9, 2022 | .NET and Visual Studio Denial of Service Vulnerability |
| CVE-2009-2495 | | Medium | 0.46 | 6.5 | 0.42 | | Jul 29, 2009 | The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via… |
| CVE-2026-32203 | | High | 0.42 | 7.5 | 0.01 | | Apr 14, 2026 | Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. |
| CVE-2026-32178 | | High | 0.42 | 7.5 | 0.01 | | Apr 14, 2026 | Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2022-38013 | | High | 0.42 | 7.5 | 0.03 | | Sep 13, 2022 | .NET Core and Visual Studio Denial of Service Vulnerability |
| CVE-2026-23653 | | Medium | 0.37 | 5.7 | 0.01 | | Apr 14, 2026 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. |
| CVE-2022-24512 | | Medium | 0.34 | 6.3 | 0.02 | | Mar 9, 2022 | .NET and Visual Studio Remote Code Execution Vulnerability |
| CVE-2018-1037 | | Medium | 0.28 | 4.3 | 0.06 | | Apr 12, 2018 | An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. |
| CVE-2022-41034 | | | 0.08 | — | 0.67 | | Oct 11, 2022 | Visual Studio Code Remote Code Execution Vulnerability |
Page 1 of 8