.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 | 17.4.0 |
| Microsoft | Microsoft Visual Studio 2022 version 17.6 | 17.6.0 |
| Microsoft | Microsoft Visual Studio 2022 version 17.8 | 17.8.0 |
| Microsoft | .NET 6.0 | 6.0.0 |
| Microsoft | Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 | 4.7.0 |
| Microsoft | Microsoft .NET Framework 3.5 AND 4.8.1 | 4.8.1 |
| Microsoft | Microsoft .NET Framework 4.6.2 | 4.7.0 |
| Microsoft | Microsoft .NET Framework 4.6/4.6.2 | 10.0.0.0 |
| Microsoft | Microsoft .NET Framework 2.0 Service Pack 2 | 2.0.0 |
| Microsoft | Microsoft .NET Framework 3.0 Service Pack 2 | 3.0.0 |
| Microsoft | Microsoft .NET Framework 3.5 | 3.5.0 |
| Microsoft | Microsoft .NET Framework 3.5.1 | 3.5.0 |
| Microsoft | Microsoft .NET Framework 4.8 | 4.8.0 |
| Microsoft | Microsoft .NET Framework 3.5 AND 4.8 | 4.8.0 |
| Microsoft | Microsoft .NET Framework 3.5 AND 4.7.2 | 4.7.0 |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.