CVE-2018-8172

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
microsoftCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
microsoftvisual_studio_2017
-
microsoftvisual_studio_2017
15.7.5
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/104616
http://www.securitytracker.com/id/1041253
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172
http://www.securityfocus.com/bid/104616
http://www.securitytracker.com/id/1041253
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8172