CVE-2024-21409

Summary

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Visual Studio 2022 version 17.917.0 < 17.9.6affected
MicrosoftMicrosoft Visual Studio 2022 version 17.417.4.0 < 17.4.18affected
MicrosoftMicrosoft Visual Studio 2022 version 17.617.6.0 < 17.6.14affected
MicrosoftMicrosoft Visual Studio 2022 version 17.817.8.0 < 17.8.9affected
MicrosoftPowerShell 7.37.3.0 < 7.3.12affected
MicrosoftPowerShell 7.47.4.0 < 7.4.2affected
MicrosoftPowerShell 7.27.2.0 < 7.2.19affected
Microsoft.NET 6.06.0.0 < 6.0.29affected
Microsoft.NET 7.07.0.0 < 7.0.18affected
Microsoft.NET 8.08.0 < 8.0.4affected
MicrosoftMicrosoft .NET Framework 4.84.8.0 < 4.8.4718.0affected
MicrosoftMicrosoft .NET Framework 3.5 AND 4.84.8.0 < 4.8.4718.0affected
MicrosoftMicrosoft .NET Framework 3.5 AND 4.7.24.7.0 < 4.7.4092.0affected
MicrosoftMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.24.7.0 < 4.7.4092.0affected
MicrosoftMicrosoft .NET Framework 3.5 AND 4.8.14.8.1 < 4.8.9236.0affected
MicrosoftMicrosoft .NET Framework 4.6.24.7.0 < 4.7.4092.0affected

Weaknesses

  • CWE-416: CWE-416: Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References