Hacker News new | past | comments | ask | show | jobs | submit login

https://portal.msrc.microsoft.com/en-US/security-guidance/ad...

> Exploitation of the vulnerability requires that a user open a specially crafted file which was compiled with an affected version of Visual Studio. In an email attack scenario, an attacker could exploit the vulnerability by sending a specially crafted project, or resource file, to the user and convince the user to open the file.

So yeah sure looks like a basic code execution results in code execution. Surprised this even got a CVE.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: