CVE-2020-17150

7.8 HIGH

📋 TL;DR

CVE-2020-17150 is a remote code execution vulnerability in Visual Studio Code that allows attackers to execute arbitrary code by tricking users into opening a maliciously crafted file. This affects users of Visual Studio Code who open files from untrusted sources. The vulnerability requires user interaction but can lead to full system compromise.

💻 Affected Systems

Products:
  • Visual Studio Code
Versions: Versions prior to 1.52.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected Visual Studio Code versions are vulnerable by default when opening files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with attacker gaining the same privileges as the user running Visual Studio Code, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware execution on the user's workstation, compromising sensitive development environments and source code.

🟢 If Mitigated

Limited impact if users only open trusted files and have proper endpoint protection, though risk remains for targeted attacks.

🌐 Internet-Facing: MEDIUM - Requires user interaction but can be delivered via email attachments, downloads, or compromised websites.
🏢 Internal Only: MEDIUM - Internal users could be targeted via shared drives or internal communications with malicious files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open a malicious file. Proof-of-concept code has been published demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Visual Studio Code 1.52.0 and later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17150

Restart Required: Yes

Instructions:

1. Open Visual Studio Code.
2. Click Help > Check for Updates.
3. Install update to version 1.52.0 or later.
4. Restart Visual Studio Code after installation completes.

🔧 Temporary Workarounds

Disable automatic file opening

Platforms: all

Configure Visual Studio Code to not automatically open files from external sources

Set 'files.autoSave' to 'off' in settings.json
Disable 'workbench.editor.enablePreview' in settings

Use restricted mode

Platforms: all

Open Visual Studio Code in restricted mode to disable extensions and certain features

code --disable-extensions
code --disable-gpu

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code
  • Use endpoint detection and response (EDR) solutions to monitor for suspicious Visual Studio Code behavior

🔍 How to Verify

Check if Vulnerable:

Check Visual Studio Code version via Help > About. If version is below 1.52.0, the system is vulnerable.

Check Version:

code --version

Verify Fix Applied:

Verify Visual Studio Code version is 1.52.0 or higher via Help > About.
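
The version check above can be scripted for use across many workstations. The following is an added example, not code from the vendor advisory; the function names `version_lt` and `classify_vscode_version` are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example: classify `code --version` output against the fixed
# release named on this page. Function names are hypothetical.
FIXED_VERSION="1.52.0"

# version_lt A B: exit 0 if dotted version A is numerically lower than B.
# Fields are compared as integers, so 1.9.0 sorts below 1.52.0.
version_lt() {
    a=${1%%-*}; b=${2%%-*}            # drop suffixes such as "-insider"
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0}
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -lt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -lt "$b2" ]; return; }
    [ "$a3" -lt "$b3" ]
}

# classify_vscode_version OUTPUT: print vulnerable, patched, or unknown.
# `code --version` prints the version on its first line, followed by the
# commit hash and the architecture.
classify_vscode_version() {
    ver=$(printf '%s\n' "$1" | head -n 1 | tr -d '\r')
    ver=${ver%%-*}
    case $ver in
        # Empty, non-numeric, or malformed dotted strings are not guessed at.
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Check the local install when the `code` CLI is on PATH; otherwise fall
# back to a constructed sample so the script still demonstrates the logic.
if command -v code >/dev/null 2>&1; then
    out=$(code --version 2>/dev/null || true)
else
    out='1.51.1
0000000000000000000000000000000000000000
x64'                                  # constructed sample output
fi
echo "Visual Studio Code: $(classify_vscode_version "$out")"
```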

📡 Detection & Monitoring

Log Indicators:

  • Unusual file opening events in Visual Studio Code logs
  • Suspicious child processes spawned from code.exe

Network Indicators:

  • Unexpected outbound connections from Visual Studio Code process
  • Downloads of suspicious files followed by Visual Studio Code execution

SIEM Query:

Process Creation where Parent Process Name contains 'code.exe' AND Command Line contains suspicious patterns
