Microsoft Visual Studio .dbp and .sln buffer overflow

2006-03-07T00:00:00
ID SAINT:9EEBD4894762594DFF4CABC807F6C983
Type saint
Reporter SAINT Corporation
Modified 2006-03-07T00:00:00

Description

Added: 03/07/2006
CVE: CVE-2006-1043
BID: 16953
OSVDB: 23711

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

A buffer overflow vulnerability leads to command execution when a specially crafted Database Project (**.dbp**) or Solution (**.sln**) file is opened in Visual Studio.

Resolution

Upgrade to Visual Studio 2005.

References

<http://www.securityfocus.com/archive/1/426767>

Limitations

Exploit requires a user to download a file and open it in Visual Studio. Exploit works on Visual Studio 6.0 SP6.

Platforms

Windows 2000
Windows 2000 SP4
Windows XP