Info

Disclosure

Mar 03, 2006

Discovery

Unknown

Dates

Exploit

Mar 03, 2006

Solution

Unknown

Description

A remote overflow exists in Visual Studio. Visual Studio fails to perform proper boundary checks within the handling of ".dbp" files that contain an overly long string in the "DataProject" field, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Public, Exploit Commercial

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Visual Studio

6.0 SP6

References

Security Tracker: 1015721
Milw0rm: 1555
Exploit Database: 1555
Bugtraq ID: 16953
Secunia Advisory ID: 19081
CVE ID: 2006-1043 (see also: NVD)
SCIP VulDB ID: 2075
ISS X-Force ID: 25148
VUPEN Advisory: ADV-2006-0825
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0642.html
http://archives.neohapsis.com/archives/bugtraq/2006-02/0662.html
Generic Exploit URL: http://www.saintcorporation.com
http://www.saintcorporation.com/cgi-bin/exploit_info/visual_studio_dbp_sln
Other Advisory URL: http://www.spyinstructors.com/show.php?name=Advisories&pa=showpage&pid=73

Credit

kozan - kozanspyinstructors.com - http://www.spyinstructors.com
ATmaCA - atmacaicqmail.com - AtmacaSoft Inc.

Direct URL: http://osvdb.org/23711