At any point of the digital transition,…
Saturday, October 17, 2020, 23:20 GMT
CCVE-2020-17023 | Visual Studio JSON Remote Code Execution Vulnerability
When a user is fooled into opening a malicious ‘package.json’ file, aka ‘Visual Studio JSON Remote Code Execution Vulnerability’, a remote code execution vulnerability occurs in Visual Studio Code.
In Visual Studio Code, a remote code execution flaw occurs when a user is fooled into opening a malicious ‘package.json’ file. An attacker who exploited the vulnerability successfully could execute arbitrary code in the current user’s context. An attacker may take control of the affected device if the current user is logged in with administrative user privileges. An intruder may then install programs; access, alter, or remove data; or build full user-rights new accounts.
An attacker will need to persuade a target to clone a repository and open it in Visual Studio Code to exploit this vulnerability. When the target opens the malicious ‘package.json’ file, the attacker-specified code is executed.