Microsoft Visual Studio is prone to a vulnerability that could allow remote attackers to execute arbitrary code. This issue stems from a design flaw that executes code contained in a project file without first notifying users.
Exploiting this issue allows attackers to execute arbitrary code in the context of the user viewing a malicious project file. Since viewing a project file is usually considered a safe operation, users may have a false sense of security by attempting to inspect unknown code before compiling or executing it.
This vulnerability may be remotely exploited due to project files originating from untrusted sources.
Visual Studio 2005 is reportedly vulnerable to this issue; other versions may also be affected.