
Microsoft Visual Studio vulnerability




Overview:

In Microsoft Visual Studio 2010 the DLL CPFE.DLL is vulnerable. A badly
written source file makes the application crash when the file is loaded. That
makes it very easy to mount a simple denial of service against the application
through CVS or SVN repositories. Exploitation of this bug beyond the crash is
not yet known or confirmed.


Description:

To trigger the condition, only two lines of code in any source file are needed:

extern class D
extern unsigned int     exemple;

The application crashes at the exact moment it detects that error pattern.
 (Access violation at 0x3f898354: read of address 0xfffffffc)

You need to edit the source file outside of the application to remove those
lines.
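A repository-side check for the pattern above, added here as an example and not part of the original post: it walks a checkout and flags any C/C++ source file carrying the two-line trigger, so the file can be fixed outside the IDE before anyone opens it in Visual Studio 2010. The set of file extensions and the "next non-blank line" rule are assumptions of this example.

```python
import re
from pathlib import Path

# Hypothetical detector for the crash pattern quoted in the advisory:
# an "extern class Name" line with no terminating semicolon, followed
# (ignoring blank lines) by another "extern" declaration.
_EXTERN_CLASS = re.compile(r"^\s*extern\s+class\s+[A-Za-z_]\w*\s*$")
_EXTERN_DECL = re.compile(r"^\s*extern\b")

# Assumed set of C/C++ source extensions worth scanning.
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".cxx", ".h", ".hpp", ".hxx", ".inl"}


def find_crash_pattern(text: str) -> list[int]:
    """Return 1-based line numbers of every 'extern class X' line (no ';')
    whose next non-blank line is another extern declaration."""
    lines = text.splitlines()
    hits = []
    for i, line in enumerate(lines):
        if not _EXTERN_CLASS.match(line):
            continue
        j = i + 1
        while j < len(lines) and not lines[j].strip():
            j += 1  # skip blank lines between the two declarations
        if j < len(lines) and _EXTERN_DECL.match(lines[j]):
            hits.append(i + 1)
    return hits


def scan_tree(root: Path) -> dict[str, list[int]]:
    """Walk a checkout and map each affected source file to its hit lines."""
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SOURCE_SUFFIXES:
            continue
        hits = find_crash_pattern(path.read_text(errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed samples: the advisory's two-line trigger inside an otherwise
# ordinary header, and a benign file that must not be flagged.
TRIGGER_SAMPLE = "#pragma once\n\nextern class D\nextern unsigned int     exemple;\n"
BENIGN_SAMPLE = "class D;\nextern unsigned int counter;\nextern class E;\n"

if __name__ == "__main__":
    print(find_crash_pattern(TRIGGER_SAMPLE))  # [3]
    print(find_crash_pattern(BENIGN_SAMPLE))   # []
```

Run scan_tree(Path("path/to/checkout")) from a pre-commit or CI hook to reject files that would crash the IDE.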


Impact:

A denial of service against the application. If an exploit were written for
it, such as a forged source file that injects shellcode, it would be easy to
infect remote computers through CVS/SVN, because source files are usually
trusted to be virus-safe since they are plain text. (Not counting that
real-time antivirus scanners configured to scan by file type usually do not
scan source files.)
 
(Tested against Visual Studio Express 2010)


Solution:

Use another IDE, or switch back to Visual Studio 2008.


Misc:

I informed the vendor of this bug at:  6/17/2010 8:23:04 PM
- On Microsoft Connect first:
http://connect.microsoft.com/VisualStudio/feedback/details/568619. (Bug
confirmed by Microsoft)
- On secure@xxxxxxxxxxxxx afterwards.
CERT/US-CERT was informed: 11/15/2010 9:51 PM
- I got a reply from CERT: 11/19/2010 9:12 AM
-- CERT directed me to the vendor as they cannot work on the case (too much
load on their side). (VU#776108)
I emailed Microsoft one last time: 11/19/2010 9:15 AM.

Without an answer, I am now exhausted from trying to report this bug
correctly. That is the reason for this disclosure.


Credit:

This vulnerability was discovered by Philippe Levesque.