[security-alerts] FW: [SA19081] Microsoft Visual Studio ".dbp" File Handling Buffer Overflow

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> Microsoft Visual Studio ".dbp" File Handling Buffer Overflow
> 
> SECUNIA ADVISORY ID:
> SA19081
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19081/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> Microsoft Visual InterDev
> http://secunia.com/product/413/
> Microsoft Visual Studio 6 Enterprise
> http://secunia.com/product/408/
> Microsoft Visual Studio 6 Professional
> http://secunia.com/product/409/
> 
> DESCRIPTION:
> ATmaCA has reported a vulnerability in Microsoft Visual Studio, which
> can be exploited by malicious people to compromise a user's system.
> 
> The vulnerability is caused due to a boundary error within the
> handling of a ".dbp" file that contains an overly long string in the
> "DataProject" field. This can be exploited to cause a stack-based
> buffer overflow and allows arbitrary code execution when a malicious
> ".dbp" file is opened.
> 
> The vulnerability has been reported in version 6.0 SP6 with Microsoft
> Visual InterDev.
> 
> SOLUTION:
> Do not open ".dbp" files from non-trusted sources.
> 
> PROVIDED AND/OR DISCOVERED BY:
> ATmaCA
> 
> ORIGINAL ADVISORY:
> http://www.spyinstructors.com/show.php?name=Advisories&pa=show
> page&pid=73
> 
> ----------------------------------------------------------------------