Hillstone Networks

RULE（RULE ID：331132）

Rule General Information


Release Date:		2020-09-08

Rule Name:		Microsoft Visual Studio Vscontent XML External Entity Injection Vulnerability -2 (CVE-2019-0537)

Severity:

CVE ID:

Rule Protection Details


Description:		An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows

Reference:		SecurityFocusBID:106390 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0537

Solutions

The vendors have released upgrade patches to fix vulnerabilities, please visit:
https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0537