CVE-2020-16977 in Visual Studio Code情報

要約

〜によって MITRE • 2020年10月17日

<p>A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads a Jupyter notebook file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>To exploit this vulnerability, an attacker would need to convince a target to open a specially crafted file in Visual Studio Code with the Python extension installed.</p> <p>The update addresses the vulnerability by modifying the way Visual Studio Code Python extension renders notebook content.</p>

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

予約する

2020年08月04日

モデレーション

承諾済み

エントリ

VDB-162622

EPSS

0.03352

アクティビティ

非常低い

ソース

Do you need the next level of professionalism?

Upgrade your account now!