Microsoft Visual Studio — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Visual Studio, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (56)
CVE-2009-2503 — CVSS 9.3 (critical): GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-3126 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2528 — CVSS 9.3 (critical): GDI+ in Microsoft Office XP SP3 does not properly handle malformed objects in Office Art Property Tables, which allows remote attackers to…
CVE-2008-3704 — CVSS 9.3 (critical): Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in…
CVE-2009-2504 — CVSS 9.3 (critical): Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2…
CVE-2009-2500 — CVSS 9.3 (critical): Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft…
CVE-2009-2501 — CVSS 9.3 (critical): Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007…
CVE-2009-0901 — CVSS 8.8 (high): The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1…
CVE-2009-2493 — CVSS 8.8 (high): The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++…
CVE-2025-49739 — CVSS 8.8 (high): Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over…
CVE-2009-2502 — CVSS 8.1 (high): Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office…
CVE-2020-1257 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2010-3190 — CVSS 7.8 (high): Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio…
CVE-2018-8172 — CVSS 7.8 (high): A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an…
CVE-2018-8599 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file…
CVE-2019-0727 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows…
CVE-2019-1232 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file…
CVE-2020-1202 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to…
CVE-2020-1203 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to…
CVE-2020-1278 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-1293 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka…
CVE-2020-1393 — CVSS 7.8 (high): An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize…
CVE-2020-16856 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully…
CVE-2020-16874 — CVSS 7.8 (high): <p>A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully…
CVE-2001-0153 — CVSS 7.5 (high): Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute…
CVE-2006-4494 — CVSS 7.5 (high): Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by…
CVE-2012-0008 — CVSS 6.9 (medium): Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a…
CVE-2007-4891 — CVSS 6.8 (medium): A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in Microsoft Visual Studio 6.0 exposes dangerous (1) StartProcess, (2)…
CVE-2014-3802 — CVSS 6.8 (medium): msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate…
CVE-2007-4254 — CVSS 6.8 (medium): Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL in Microsoft Visual Database Tools Database Designer 7.0 for…
CVE-2007-0468 — CVSS 6.8 (medium): Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote…
CVE-2020-1130 — CVSS 6.6 (medium): <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An…
CVE-2019-1079 — CVSS 6.5 (medium): An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio…
CVE-2009-2495 — CVSS 6.5 (medium): The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++…
CVE-2007-4890 — CVSS 5.8 (medium): Absolute directory traversal vulnerability in a certain ActiveX control in the VB To VSI Support Library (VBTOVSI.DLL) 1.0.0.0 in Microsoft…
CVE-2020-1133 — CVSS 5.5 (medium): <p>An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An…
CVE-2019-0537 — CVSS 5.5 (medium): An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a…
CVE-2000-0162 — CVSS 5.1 (medium): The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that…
CVE-2006-1043 — CVSS 5.1 (medium): Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute…
CVE-2011-1976 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows…
CVE-2011-1280 — CVSS 4.3 (medium): The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio…
CVE-2018-1037 — CVSS 4.3 (medium): An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while…