virus logo Intrusion Prevention

MS.VSC.Markdown.Preview.Enhanced.Extension.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Microsoft Visual Studio Code - Markdown Preview Enhanced Extension.
The vulnerability is due to improper input validation in the PDF import functionality in Markdown files. A remote attacker can exploit this vulnerability by enticing a target user into opening a crafted Markdown file in Visual Studio Code. Successful exploitation results in the execution of arbitrary code under the security context of the target user.

affected-products-logoAffected Products

Microsoft Visual Studio Code - Markdown Preview Enhanced Extension 0.6.7 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

The vendor has not released an advisory or patch regarding this vulnerability.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-04 28.821
Modified
 Sig Added
2023-05-09 23.549
Modified
 Default_action:pass:drop
2023-03-02 23.505
New
ID 52574
Created Jan 23, 2023
Updated Jul 04, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Exploit Prediction Score 42.55%
Default Action drop
Active
Affected OS Windows
Affected App Other
Profile Type Code Injection