• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Debugger Vendor Malicious Code Execution Vulnerability

Multiple debugger vendors are reported prone to a malicious code execution vulnerability. This vulnerability is due to a failure of the affected applications to properly ensure that the examined code is run in a contained environment.

When an unsuspecting user attempts to debug the attacker-supplied executable, the malicious code from the included library will be run in the context of the debugger prior to the intended time, and in an uncontrolled manner.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of an affected debugger application. Due to the expected safe nature of debugging applications, potentially very cautious users may fall victim to this vulnerability.

OllyDbg, WinDbg, and Microsoft Visual C++ Debuggers are all reported susceptible to this vulnerability. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability.