Vigil@nce - Microsoft Visual Studio: buffer overflow via a project
March 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open a malicious project file
with Microsoft Visual Studio, in order to execute code on his
computer.
Severity: 2/4
Creation date: 01/03/2011
IMPACTED PRODUCTS
– Microsoft Visual Studio
DESCRIPTION OF THE VULNERABILITY
The Microsoft Visual Studio development environment stores
projects in files. Two vulnerabilities can occur when a malicious
project is opened.
A buffer overflow occurs when a CSharp project (extension
".csproj") contains a long Reference field. [severity:2/4]
A buffer overflow occurs when a Visual Basic project (extension
".vbproj") contains a long Reference field. [severity:2/4]
An attacker can therefore invite the victim to open a malicious
project file with Microsoft Visual Studio, in order to execute
code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-Visual-Studio-buffer-overflow-via-a-project-10406