
Microsoft Visual Studio Linker Integer Overflow Vulnerability

Last Update Date: 27 Apr 2012 11:57
Release Date: 27 Apr 2012

RISK: Medium Risk

TYPE: Clients - Productivity Products


A vulnerability has been identified in Microsoft Visual Studio 2008, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an integer overflow error in the linker utility (link.exe) when it allocates memory based on the number of COFF symbols. This can be exploited to cause a heap-based buffer overflow via a specially crafted Portable Executable (PE) file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into processing a specially crafted file with a utility such as "dumpbin" or "link /dump".
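The class of error described above, shown as an added example that is not Microsoft's code: a size derived from the COFF symbol count wraps in 32-bit arithmetic, and a parser can reject such a file before allocating. The 32-bit multiply by the 18-byte COFF symbol record size is an assumption about how such a size is computed, and all function names and the sample header are hypothetical and constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define COFF_SYMBOL_SIZE 18u  /* bytes per COFF symbol table record */

/* Little-endian 32-bit read/write on a byte buffer. */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Unchecked pattern (assumed): the 32-bit product wraps for large counts,
 * so a buffer sized from it is smaller than the data later written to it. */
uint32_t symtab_bytes_unchecked(uint32_t nsyms) {
    return nsyms * COFF_SYMBOL_SIZE;
}

/* Checked form: stores the size and returns 0, or returns -1 if it would wrap. */
int symtab_bytes_checked(uint32_t nsyms, uint32_t *out) {
    if (nsyms > UINT32_MAX / COFF_SYMBOL_SIZE) return -1;
    *out = nsyms * COFF_SYMBOL_SIZE;
    return 0;
}

/* Validate the COFF symbol table of a PE image before parsing it.
 * Returns 0 if the whole table lies inside the file, -1 otherwise. */
int pe_symtab_ok(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    uint32_t pe = rd32(buf + 0x3C);              /* e_lfanew */
    if (pe > len || len - pe < 24) return -1;    /* signature + COFF header */
    if (memcmp(buf + pe, "PE\0\0", 4) != 0) return -1;
    uint32_t symoff = rd32(buf + pe + 12);       /* PointerToSymbolTable */
    uint32_t nsyms = rd32(buf + pe + 16);        /* NumberOfSymbols */
    uint32_t bytes;
    if (symtab_bytes_checked(nsyms, &bytes) != 0) return -1;
    if (symoff > len || bytes > len - symoff) return -1;
    return 0;
}

/* Constructed sample: minimal MZ/PE header with chosen symbol fields. */
void build_sample(uint8_t buf[128], uint32_t symoff, uint32_t nsyms) {
    memset(buf, 0, 128);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);
    memcpy(buf + 0x40, "PE\0\0", 4);
    wr32(buf + 0x40 + 12, symoff);
    wr32(buf + 0x40 + 16, nsyms);
}
```

The same bounds check against the file length also rejects symbol counts that do not wrap but still point past the end of the file.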

 

Note: There is no patch available for this vulnerability.
 


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Visual Studio 2008

Solutions

  • There is no patch available for this vulnerability.

Vulnerability Identifier

  • No CVE information is available
