Researchers released PoC for RCE (CVE-2022-41034) in Visual Studio Code

From securityonline.info

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Visual Studio Code and patched by Microsoft in October was published online.

” An attacker could, through a link or website, take over the computer of a Visual Studio Code user and any computers they were connected to via the Visual Studio Code Remote Development feature. This issue affected at least GitHub Codespaces, github.dev, the web-based Visual Studio Code for Web and to a lesser extent Visual Studio Code desktop,” a researcher from Google said.

Read more…