BugTraq
Microsoft Visual Studio vulnerability Nov 23 2010 05:12PM
jabea jabea net
-----------------------------------------------------------------
Microsoft Visual Studio vulnerability

Overview:

In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file make the application crash at loading. That make it
really easy to make a simple denial of service against the application by
using CVS or SVN repositories. Exploitation of this bug is not yet know or
confirmed.

Description:

To trigger the condition it just need 2 lines of code in any source file;

extern class D
extern unsigned int     exemple;

The application crash at the exact time it detect that error pattern.
 (Access violation at 0x3f898354: read of address 0xfffffffc)

You need to edit the source file outside of the application to remove
those
lines.

Impact:

A denial of service against the application. If a exploit got written for
that, like a forged source file that could inject shell code, then it will
be easy to infect distant computer using CVS/SVN because source file are
usually thrusted to be virus safe because they are in plain text. (Not
counting that usually real-time antivirus that are configured to scan file
type donâ??t usually scan source file)
 
(Tested against Visual Studio Express 2010)

Solution:

Use another IDE, or switch back to Visual Studio 2008

Misc:

Vendor got informed of that bug at this time by me:  6/17/2010 8:23:04 PM
- On Microsoft connect at first:
http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug
confirmed by Microsoft)
- On secure (at) microsoft (dot) com [email concealed] after.
CERT/US-CERT got informed: 11/15/2010 9:51 PM
- I got a return of CERT: 11/19/2010 9:12 AM
-- CERT direct me the vendor as they cannot work on the case (too much
load
on their side). (VU#776108)
I emailed the Microsoft one last time: 11/19/2010 9:15 AM.

Without answer I am now exhausted to try the report this bug correctly. So
itâ??s the reason of this disclosure.

Credit:

This vulnerability was discovered by Philippe Levesque

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus