myITforum.com
Welcome to myITforum.com Sign in | Join | Help
in Search
Site Home Home Bloggers List Blogs Photos Downloads

Harry Waldron - My IT Forums Blog

Sharing Security Developments, and Best Practices for corporate and home users

Visual Studio - New unpatched buffer overflow vulnerability

It's rated as "low risk" as it requires user action plus it's probably unlikely to become a target for in-the-wild exploitation.

Microsoft Visual Studio ".rc" File Handling Buffer Overflow
http://www.frsirt.com/english/advisories/2007/0296
http://secunia.com/advisories/23856/

QUOTE: porkythepig has reported a vulnerability in Microsoft Visual Studio, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of ".rc" files that contain an overly long string after the "1 TYPELIB MOVEABLE PURE " text. This can be exploited to cause a stack-based buffer overflow and allows arbitrary code execution when a malicious ".rc" file is opened.

Successful exploitation requires that a user click on the "Ok" button or closes the message box when the "file not found" message box appears.

Affected Products: Microsoft Visual Studio 6 SP6 and prior

Solution: FrSIRT is not aware of any official supplied patch for this issue.

Published Jan 25 2007, 02:08 PM by hwaldron

Comments

No Comments

This Blog

Syndication
Copyright - www.myITforum.com, Inc. - 2007 All Rights reserved.
Powered by Community Server (Commercial Edition), by Telligent Systems