Message-ID: <a40cc58d3618dc7f6ffc6f969eab4f79@jabea.net>
Date: Tue, 23 Nov 2010 12:12:27 -0500
From: <jabea@...ea.net>
To: <bugtraq@...urityfocus.com>
Subject: Microsoft Visual Studio vulnerability

-----------------------------------------------------------------
Microsoft Visual Studio vulnerability

Overview:

In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file makes the application crash at loading. That makes it
really easy to make a simple denial of service against the application by
using CVS or SVN repositories. Exploitation of this bug is not yet known or
confirmed.


Description:

To trigger the condition it just needs 2 lines of code in any source file:

extern class D
extern unsigned int     exemple;

The application crashes at the exact time it detects that error pattern.
 (Access violation at 0x3f898354: read of address 0xfffffffc)

You need to edit the source file outside of the application to remove
those lines.


Impact:

A denial of service against the application. If an exploit got written for
that, like a forged source file that could inject shell code, then it would
be easy to infect distant computers using CVS/SVN, because source files are
usually trusted to be virus safe because they are in plain text. (Not
counting that real-time antivirus configured to scan by file type doesn't
usually scan source files.)
 
(Tested against Visual Studio Express 2010)


Solution:

Use another IDE, or switch back to Visual Studio 2008


Misc:

Vendor got informed of that bug at this time by me:  6/17/2010 8:23:04 PM
- On Microsoft connect at first:
http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug
confirmed by Microsoft)
- On secure@...rosoft.com after.
CERT/US-CERT got informed: 11/15/2010 9:51 PM
- I got a return of CERT: 11/19/2010 9:12 AM
-- CERT directed me to the vendor as they cannot work on the case (too much
load on their side). (VU#776108)
I emailed Microsoft one last time: 11/19/2010 9:15 AM.

Without an answer, I am now exhausted from trying to report this bug
correctly. So that is the reason for this disclosure.


Credit:

This vulnerability was discovered by Philippe Levesque
