Microsoft Visual Studio 2008 contains a vulnerability when linking specially crafted Portable Executable (PE) files. The vulnerability is caused by certain memory allocations that are based on COFF symbols: these may trigger an integer overflow in link.exe, resulting in an exploitable heap-based buffer overflow. An attacker must convince a user to process a maliciously crafted PE file via the "dumpbin" or "link" utilities.
Microsoft Visual Studio 2008 version 9.00.21022.08 and possibly earlier versions
Remote Code Execution
Exploitation of this vulnerability is possible by sending maliciously crafted PE files, via phishing emails, to vulnerable users. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.
BeyondTrust Prevention and Detection:
Do not run "dumpbin" or "link" on untrusted PE files, or PE files that come from trusted sources unexpectedly.
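The bug class described above (a size computed from COFF symbol data wrapping in 32-bit arithmetic) can be screened for before a file reaches "dumpbin" or "link". The following is an added example, not code from this advisory or from Microsoft; the advisory does not name the field involved, so the check assumes the COFF header's NumberOfSymbols count, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define COFF_HDR_SIZE 20u  /* IMAGE_FILE_HEADER */
#define COFF_SYM_SIZE 18u  /* one COFF symbol table record */

static uint32_t rd32(const uint8_t *p) {  /* little-endian read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Size as a 32-bit multiply computes it: wraps for large counts. */
uint32_t naive_symtab_bytes(uint32_t nsyms) {
    return (uint32_t)(nsyms * COFF_SYM_SIZE);
}

/* 0 if the declared symbol table fits inside the file, -1 otherwise. */
int coff_symtab_ok(const uint8_t *buf, size_t len) {
    size_t hdr = 0;  /* .obj: COFF header at offset 0 */
    if (len >= 0x40 && buf[0] == 'M' && buf[1] == 'Z') {  /* PE image */
        hdr = rd32(buf + 0x3C);  /* e_lfanew */
        if (hdr > len - 4 || memcmp(buf + hdr, "PE\0\0", 4) != 0) return -1;
        hdr += 4;
    }
    if (len < COFF_HDR_SIZE || hdr > len - COFF_HDR_SIZE) return -1;
    uint32_t symoff = rd32(buf + hdr + 8);   /* PointerToSymbolTable */
    uint32_t nsyms  = rd32(buf + hdr + 12);  /* NumberOfSymbols (assumed field) */
    if (nsyms == 0) return 0;
    uint64_t bytes = (uint64_t)nsyms * COFF_SYM_SIZE;  /* cannot wrap */
    if (symoff > len || bytes > len - symoff) return -1;
    return 0;
}

int main(void) {
    uint8_t obj[64] = {0};  /* constructed sample: bare COFF header */
    obj[8] = 20;            /* symbol table right after the header */
    obj[12] = 0x8F; obj[13] = 0xE3; obj[14] = 0x38; obj[15] = 0x0E;
    printf("naive size: %u bytes, verdict: %d\n",
           (unsigned)naive_symtab_bytes(rd32(obj + 12)),
           coff_symtab_ok(obj, sizeof obj));
    return 0;
}
```

A file that fails this check declares more symbol data than it contains and should be quarantined rather than passed to the toolchain.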