[<prev] [next>] [day] [month] [year] [list]
Message-ID: <a40cc58d3618dc7f6ffc6f969eab4f79@jabea.net>
Date: Tue, 23 Nov 2010 12:12:27 -0500
From: <jabea@...ea.net>
To: <bugtraq@...urityfocus.com>
Subject: Microsoft Visual Studio vulnerability
-----------------------------------------------------------------
Microsoft Visual Studio vulnerability
Overview:
In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file make the application crash at loading. That make it
really easy to make a simple denial of service against the application by
using CVS or SVN repositories. Exploitation of this bug is not yet know or
confirmed.
Description:
To trigger the condition it just need 2 lines of code in any source file;
extern class D
extern unsigned int exemple;
The application crash at the exact time it detect that error pattern.
(Access violation at 0x3f898354: read of address 0xfffffffc)
You need to edit the source file outside of the application to remove
those
lines.
Impact:
A denial of service against the application. If a exploit got written for
that, like a forged source file that could inject shell code, then it will
be easy to infect distant computer using CVS/SVN because source file are
usually thrusted to be virus safe because they are in plain text. (Not
counting that usually real-time antivirus that are configured to scan file
type don’t usually scan source file)
(Tested against Visual Studio Express 2010)
Solution:
Use another IDE, or switch back to Visual Studio 2008
Misc:
Vendor got informed of that bug at this time by me: 6/17/2010 8:23:04 PM
- On Microsoft connect at first:
http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug
confirmed by Microsoft)
- On secure@...rosoft.com after.
CERT/US-CERT got informed: 11/15/2010 9:51 PM
- I got a return of CERT: 11/19/2010 9:12 AM
-- CERT direct me the vendor as they cannot work on the case (too much
load
on their side). (VU#776108)
I emailed the Microsoft one last time: 11/19/2010 9:15 AM.
Without answer I am now exhausted to try the report this bug correctly. So
it’s the reason of this disclosure.
Credit:
This vulnerability was discovered by Philippe Levesque
Powered by blists - more mailing lists