Microsoft .NET Framework System.DirectoryServices.Protocols Remote Code Execution Vulnerability

ID ZDI-13-004
Type zdi
Reporter Vitaliy Toropov
Modified 2013-06-22T00:00:00


This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft .NET Framework. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the System.DirectoryServices.Protocols.SortRequestControl.GetValue() method inside the .NET Framework. The function allocates an array based on the value of the parameter this.keys.Length and then uses a loop terminated by the same parameter to fill the array with data. If another thread changes the value of this.keys.Length between the array creation and loop this can result in a heap buffer overflow that can lead to remote code execution under the context of the current program.