Main Vulnerability Database Vulnerabilities #VU35716

Information disclosure in Visual Studio - CVE-2019-1079

Published: July 15, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35716

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-1079

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Visual Studio

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.

How to mitigate CVE-2019-1079

Install update from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079

Information disclosure in Visual Studio - CVE-2019-1079

Detailed vulnerability description

How to mitigate CVE-2019-1079

Sources

Please verify you're human