What does that even mean? I download some c++ code from the internet, compile it, run it, and... it runs as my user?
> Exploitation of the vulnerability requires that a user open a specially crafted file which was compiled with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file.
So yeah sure looks like a basic code execution results in code execution. Surprised this even got a CVE.
I guess there is some conceivable exploit where you compile some hostile code written in a safe language to C++ with MSVC and then run it, and the attacker could exploit this bug somehow? But who does that?