FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

vscode -- VS Code Information Disclosure Vulnerability

Affected packages
vscode < 1.79.1

Details

VuXML ID f0250129-fdb8-41ed-aa9e-661ff5026845
Discovery 2023-06-13
Entry 2023-06-13

VSCode developers reports:

VS Code Information Disclosure Vulnerability

A information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. An authorised attacker must send the user a malicious file and convince the user to open it for the vulnerability to occur. Exploiting this vulnerability could allow the disclosure of NTLM hashes.

[source]

References

CVE Name CVE-2023-33144
URL https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.