Microsoft Visual Studio Linker Integer Overflow Vulnerability
BID:53243
Info
Microsoft Visual Studio Linker Integer Overflow Vulnerability
| Bugtraq ID: | 53243 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2012 12:00AM |
| Updated: | Apr 25 2012 12:00AM |
| Credit: | Walied Assar |
| Vulnerable: |
Microsoft Visual Studio 2008 Shell (Integrated Mode) - ENU 9.0.30729 Microsoft Visual Studio 2008 SP1 Microsoft Visual Studio 2008 9.00.21022.08 Microsoft Visual Studio 2008 0 |
| Not Vulnerable: | |
Discussion
Microsoft Visual Studio Linker Integer Overflow Vulnerability
Microsoft Visual Studio is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Microsoft Visual Studio 9.00.21022.08 is vulnerable; other versions may also be affected.
Microsoft Visual Studio is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized memory buffer.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Microsoft Visual Studio 9.00.21022.08 is vulnerable; other versions may also be affected.
Exploit / POC
Microsoft Visual Studio Linker Integer Overflow Vulnerability
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Visual Studio Linker Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Microsoft Visual Studio Linker Integer Overflow Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- Microsoft Incremental Linker Integer Overflow (Walied Assar)
- Microsoft Visual Studio Homepage (Microsoft)