CVE-2021-36952: Microsoft Visual Studio DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
First published: Tue Sep 14 2021(Updated: )
Visual Studio Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =16.7 | ||
| =15.9 | ||
| =16.4 | ||
| Microsoft Visual Studio 2017 | >=15.0<=15.9 | |
| Microsoft Visual Studio 2019 | >=16.0<=16.7 | |
| Microsoft Visual Studio |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-36952?
CVE-2021-36952 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio.
How can this vulnerability be exploited?
User interaction is required for this vulnerability to be exploited, such as visiting a malicious page or opening a malicious file.
Which versions of Microsoft Visual Studio are affected?
Microsoft Visual Studio 2019 (includes 16.0 - 16.6) and Microsoft Visual Studio 2017 (includes 15.0 - 15.8) are affected.
What is the severity of CVE-2021-36952?
The severity of CVE-2021-36952 is high, with a CVSS score of 7.8.
How do I fix CVE-2021-36952?
To fix CVE-2021-36952, update to the latest version of Microsoft Visual Studio 2019 (16.7) or Visual Studio 2017 (15.9).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/msrc-cve
- source/Microsoft
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-1076
- alias/ZDI-CAN-14041
- alias/CVE-2021-36952
- agent/weakness
- agent/references
- agent/title
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft visual studio 2017
- version/microsoft visual studio 2017/15.0
- version/microsoft visual studio 2017/15.9
- canonical/microsoft visual studio 2019
- version/microsoft visual studio 2019/16.0
- version/microsoft visual studio 2019/16.7
- canonical/microsoft visual studio
- canonical/microsoft visual studio 2019 (includes 16.0 – 16.6)
- version/microsoft visual studio 2019 (includes 16.0 – 16.6)/16.7
- canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
- version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
- canonical/microsoft visual studio 2019 (includes 16.0 - 16.3)
- version/microsoft visual studio 2019 (includes 16.0 - 16.3)/16.4