CVE-2018-8172

HIGH

Microsoft Visual Studio - RCE

Description

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.

Exploits (2)

nomisec WRITEUP 3 stars
by SyFi · poc
https://github.com/SyFi/CVE-2018-8172

gitlab SUSPICIOUS
by 0x1 · poc
https://gitlab.com/0x1/CVE-2018-8172

Scores

CVSS v3 7.8
EPSS 0.1608
EPSS Percentile 94.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (9)
microsoft/expression_blend 2 sp2
microsoft/expression_blend 3 sp1
microsoft/expression_blend 4 sp3
microsoft/visual_studio 2010 sp1
microsoft/visual_studio 2012 update_5
microsoft/visual_studio 2013 update_5
microsoft/visual_studio 2015 update3
microsoft/visual_studio_2017
microsoft/visual_studio_2017 15.7.5
Published Jul 11, 2018
Tracked Since Feb 18, 2026