Skip to main content

Microsoft Visual Studio Linker Integer Overflow Vulnerability

Last Update Date: 27 Apr 2012 11:57 Release Date: 27 Apr 2012 5309 Views

RISK: Medium Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability has been identified in Microsoft Visual Studio 2008, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error in the linker utility (link.exe) when allocating memory based on the number of COFF symbols. This can be exploited to cause a heap-based buffer overflow via a specially crafted Portable Executable (PE) file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into processing a specially crafted file via e.g. "dumpbin" or "link /dump" utilities.

 

Note: There is no patch available for this vulnerability.
 


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Visual Studio 2008

Solutions

  • There is no patch available for this vulnerability.

Vulnerability Identifier

  • No CVE information is available

Source


Related Link