Microsoft Visual Studio Linker Integer Overflow Vulnerability
RISK: Medium Risk
TYPE: Clients - Productivity Products
A vulnerability has been identified in Microsoft Visual Studio 2008, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an integer overflow error in the linker utility (link.exe) when allocating memory based on the number of COFF symbols. This can be exploited to cause a heap-based buffer overflow via a specially crafted Portable Executable (PE) file.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into processing a specially crafted file via e.g. "dumpbin" or "link /dump" utilities.
Note: There is no patch available for this vulnerability.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Visual Studio 2008
Solutions
- There is no patch available for this vulnerability.
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with