lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 22 Nov 2010 21:12:03 -0500
From: "phil" <jabea@...ea.net>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Microsoft Visual Studio vulnerability

Hi there,

I found a small vulnerability. Don't flame me, as I have no idea if that
vulnerability is exploitable or not. I just wanted to share it (with my poor
english). 

If it's not exploitable, then at least it's a cool bug to make a joke on
your coding team on a Monday morning. As nobody will be able to open the
visual studio's project for the time someone use notepad to edit the corrupt
source file outside the IDE (if they know for what to look for and in what
file)



Philippe Levesque



-----------------------------------------------------------------
Microsoft Visual Studio vulnerability

Overview:

In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file make the application crash at loading. That make it
really easy to make a simple denial of service against the application by
using CVS or SVN repositories. Exploitation of this bug is not yet know or
confirmed.


Description:

To trigger the condition it just need 2 lines of code in any source file; 

extern class D
extern unsigned int     exemple;

The application crash at the exact time it detect that error pattern.
 (Access violation at 0x3f898354: read of address 0xfffffffc)

You need to edit the source file outside of the application to remove those
lines.


Impact:

A denial of service against the application. If a exploit got written for
that, like a forged source file that could inject shell code, then it will
be easy to infect distant computer using CVS/SVN because source file are
usually thrusted to be virus safe because they are in plain text. (Not
counting that usually real-time antivirus that are configured to scan file
type don’t usually scan source file)
 
(Tested against Visual Studio Express 2010)


Solution:

Use another IDE, or switch back to Visual Studio 2008


Misc:

Vendor got informed of that bug at this time by me:  6/17/2010 8:23:04 PM
- On Microsoft connect at first:
http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug
confirmed by Microsoft)
- On secure@...rosoft.com after.
CERT/US-CERT got informed: 11/15/2010 9:51 PM
- I got a return of CERT: 11/19/2010 9:12 AM
-- CERT direct me the vendor as they cannot work on the case (too much load
on their side). (VU#776108)
I emailed the Microsoft one last time: 11/19/2010 9:15 AM. 

Without answer I am now exhausted to try the report this bug correctly. So
it’s the reason of this disclosure.







_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ