Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
BID:16953
Info
Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
| Bugtraq ID: | 16953 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 04 2006 12:00AM |
| Updated: | Mar 06 2006 03:31PM |
| Credit: | This issue was discovered by Kozan <[email protected]>, with further credit given to ATmaCA. |
| Vulnerable: |
Microsoft Visual Studio 6.0 SP5 Microsoft Visual Studio 6.0 SP4 Microsoft Visual Studio 6.0 SP3 Microsoft Visual Studio 6.0 SP2 Microsoft Visual Studio 6.0 SP1 Microsoft Visual Studio 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
Microsoft Visual Studio is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary code in the context of the user viewing a malicious file. As viewing a project file is usually considered to be a safe operation, users may have a false sense of security by attempting to inspect unknown code prior to compiling or executing it.
This vulnerability may be remotely exploited due to project files originating from untrusted sources.
Visual Studio 6 is reportedly vulnerable to this issue; other versions may also be affected.
Microsoft Visual Studio is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary code in the context of the user viewing a malicious file. As viewing a project file is usually considered to be a safe operation, users may have a false sense of security by attempting to inspect unknown code prior to compiling or executing it.
This vulnerability may be remotely exploited due to project files originating from untrusted sources.
Visual Studio 6 is reportedly vulnerable to this issue; other versions may also be affected.
Exploit / POC
Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
Example exploit code has been made available by Kozan <[email protected]>. Users attempting to utilize this exploit to verify this issue should exercise extreme caution when handling the files. This exploit has not been tested or verified by Symantec.
Example exploit code has been made available by Kozan <[email protected]>. Users attempting to utilize this exploit to verify this issue should exercise extreme caution when handling the files. This exploit has not been tested or verified by Symantec.
Solution / Fix
Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Microsoft Visual Studio DBP and SLN Files DataProject Buffer Overflow Vulnerability
References:
References:
- Microsoft Visual Studio Homepage (Microsoft)
- Technet Security (Microsoft)
- Visual Studio 6.0 Buffer Overflow Vulnerability ([email protected])