Full Disclosure mailing list archives
Microsoft Visual Studio vulnerability
From: "phil" <jabea () jabea net>
Date: Mon, 22 Nov 2010 21:12:03 -0500
Hi there, I found a small vulnerability. Don't flame me, as I have no idea if that vulnerability is exploitable or not. I just wanted to share it (with my poor english). If it's not exploitable, then at least it's a cool bug to make a joke on your coding team on a Monday morning. As nobody will be able to open the visual studio's project for the time someone use notepad to edit the corrupt source file outside the IDE (if they know for what to look for and in what file) Philippe Levesque ----------------------------------------------------------------- Microsoft Visual Studio vulnerability Overview: In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly written source file make the application crash at loading. That make it really easy to make a simple denial of service against the application by using CVS or SVN repositories. Exploitation of this bug is not yet know or confirmed. Description: To trigger the condition it just need 2 lines of code in any source file; extern class D extern unsigned int exemple; The application crash at the exact time it detect that error pattern. (Access violation at 0x3f898354: read of address 0xfffffffc) You need to edit the source file outside of the application to remove those lines. Impact: A denial of service against the application. If a exploit got written for that, like a forged source file that could inject shell code, then it will be easy to infect distant computer using CVS/SVN because source file are usually thrusted to be virus safe because they are in plain text. (Not counting that usually real-time antivirus that are configured to scan file type dont usually scan source file) (Tested against Visual Studio Express 2010) Solution: Use another IDE, or switch back to Visual Studio 2008 Misc: Vendor got informed of that bug at this time by me: 6/17/2010 8:23:04 PM - On Microsoft connect at first: http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug confirmed by Microsoft) - On secure () microsoft com after. CERT/US-CERT got informed: 11/15/2010 9:51 PM - I got a return of CERT: 11/19/2010 9:12 AM -- CERT direct me the vendor as they cannot work on the case (too much load on their side). (VU#776108) I emailed the Microsoft one last time: 11/19/2010 9:15 AM. Without answer I am now exhausted to try the report this bug correctly. So its the reason of this disclosure. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Microsoft Visual Studio vulnerability phil (Nov 23)