Visual Studio
CVE-2019-0537 — Microsoft Visual Studio Information Disclosure Vulnerability
Executive Summary
An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An attacker who took advantage of this information disclosure could view arbitrary file contents from the computer where the victim launched Visual Studio. To take advantage of the vulnerability, an attacker would need to trick a user into opening a malicious .vscontent file using a vulnerable version of Visual Studio. An attacker would have no way to force a developer to produce this information disclosure. The security update addresses the vulnerability by correcting how Visual Studio loads .vscontent files.
Overview
Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
EPSS Score
0.07614
probability of exploitation in the next 30 days
0.9378 percentile - updated 2026-06-20
View on FIRST.org
Affected Products
2 affected products
| Product | KB Article | Severity | Impact | Restart Required |
|---|---|---|---|---|
| Microsoft Visual Studio 2010 Service Pack 1 | 4476698 (Security Update) |
Important | Information Disclosure | Maybe |
| Microsoft Visual Studio 2012 Update 5 | 4476755 (Security Update) |
Important | Information Disclosure | Maybe |
Patches
2 patches
| Article | Type | Restart |
|---|---|---|
4476698 |
Security Update | Maybe |
4476755 |
Security Update | Maybe |
Known Exploits
No known exploits have been linked for this CVE yet. When available, exploit references will be sourced from public repositories and may be unverified, incomplete, or non-functional. Always review code carefully before use in any environment.
Acknowledgments
rgod of 9sg Security Team working with Trend Micro's Zero Day Initiative
References
On This Page