ZDI-23-1459: Microsoft Visual Studio DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability | allinfosecnews.com

Sept. 27, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

arbitrary code attackers code code execution exploit file malicious microsoft out-of-bounds out-of-bounds write page parsing remote code remote code execution studio target visual studio vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +14

ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +16

ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability 14 hours ago | www.zerodayinitiative.com

0day attackers authentication authentication bypass +12

ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +17

ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability 14 hours ago | www.zerodayinitiative.com

0day attackers authentication cgi +13

ZDI-24-444: (0Day) D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +18

ZDI-24-443: (0Day) D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability 14 hours ago | www.zerodayinitiative.com

0day assistant attacker attackers +22

ZDI-24-442: (0Day) D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability 14 hours ago | www.zerodayinitiative.com

0day arbitrary code attackers authentication +17

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Cyberark Engineer

@ Global Payments | Plano

View on infosec-jobs.com

Group Specialist – Network Security

@ DP World | Bengaluru, Karnataka, India

View on infosec-jobs.com

Cybersecurity Service Engineer

@ Atos | Timisoara, RO

View on infosec-jobs.com

Senior Malware Reverse Engineer

@ CodeHunter | McLean, Virginia, United States - Remote

View on infosec-jobs.com

Cybersecurity Software Engineer

@ LinQuest | Beavercreek, Ohio, United States

View on infosec-jobs.com