Microsoft Visual Studio .dbp and .sln buffer overflow

Added: 03/07/2006
CVE: CVE-2006-1043
BID: 16953
OSVDB: 23711

Background

Microsoft Visual Studio is a product for facilitating software development on Windows operating systems.

Problem

A buffer overflow vulnerability leads to command execution when a specially crafted Database Project (.dbp) or Solution (.sln) file is opened in Visual Studio.

Resolution

Upgrade to Visual Studio 2005.

References

http://www.securityfocus.com/archive/1/426767

Limitations

Exploit requires a user to download a file and open it in Visual Studio. Exploit works on Visual Studio 6.0 SP6.

Platforms

Windows 2000
Windows 2000 SP4
Windows XP

Back to exploit index