BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Microsoft Visual Studio Linker Vulnerability

Disclosed April 20, 2012

No Patch Available

Vulnerability Description:

Microsoft Visual Studio 2008 contains a vulnerability in the linking of specially crafted Portable Executable (PE) files. link.exe sizes certain memory allocations from COFF symbol data, which may cause an integer overflow and result in an exploitable heap-based buffer overflow. To trigger it, an attacker must convince a user to process a maliciously crafted PE file with the "dumpbin" or "link" utilities.
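The class of bug described above, as an added example in C (not code from link.exe or from BeyondTrust): a 32-bit size computed from a file-supplied COFF symbol count wraps, and the checked form rejects it. The page does not say which allocation is affected, so the function names, the constructed header, and the choice of the `NumberOfSymbols` field are assumptions; the buffer is treated as a COFF object file with its header at offset 0.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COFF_HEADER_SIZE 20u  /* IMAGE_FILE_HEADER */
#define COFF_SYMBOL_SIZE 18u  /* one symbol table record */

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit product wraps for large counts. */
uint32_t symtab_bytes_unchecked(uint32_t count) {
    return count * COFF_SYMBOL_SIZE;
}

/* Checked form (hypothetical helper). Returns 0 and sets *bytes when the
 * symbol table named by the header lies fully inside the file, else -1. */
int symtab_bytes_checked(const uint8_t *file, size_t len, uint32_t *bytes) {
    if (file == NULL || bytes == NULL || len < COFF_HEADER_SIZE)
        return -1;
    uint32_t offset = le32(file + 8);   /* PointerToSymbolTable */
    uint32_t count  = le32(file + 12);  /* NumberOfSymbols */
    if (count > UINT32_MAX / COFF_SYMBOL_SIZE)
        return -1;                      /* product would wrap */
    uint32_t need = count * COFF_SYMBOL_SIZE;
    if (offset > len || need > len - offset)
        return -1;                      /* table runs past end of file */
    *bytes = need;
    return 0;
}

/* Constructed sample input: zeroed header with the two fields set. */
void make_header(uint8_t hdr[COFF_HEADER_SIZE], uint32_t off, uint32_t cnt) {
    for (size_t i = 0; i < COFF_HEADER_SIZE; i++) hdr[i] = 0;
    for (int i = 0; i < 4; i++) {
        hdr[8 + i]  = (uint8_t)(off >> (8 * i));
        hdr[12 + i] = (uint8_t)(cnt >> (8 * i));
    }
}

int main(void) {
    uint8_t file[56] = {0}; uint32_t bytes = 0;
    make_header(file, 20u, 0x0E38E38Fu);
    printf("unchecked size: %u\n", (unsigned)symtab_bytes_unchecked(0x0E38E38Fu));
    printf("checked result: %d\n", symtab_bytes_checked(file, sizeof file, &bytes));
    return 0;
}
```

A check like this belongs in the parser itself; it is not a pre-filter that makes an untrusted file safe to pass to an unpatched tool.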

Vendors:

Microsoft

Vulnerable Software/Devices:

Microsoft Visual Studio 2008 version 9.00.21022.08 and possibly earlier versions

Vulnerability Severity:

Medium

Exploit Availability:

N/A

Exploit Impact:

Remote Code Execution

Exploitation of this vulnerability is possible by sending maliciously crafted PE files to vulnerable users via phishing emails. Remote attackers who successfully exploit this vulnerability will be able to execute code on the vulnerable system with the same rights as the currently logged-on user.

BeyondTrust Prevention and Detection:


Mitigation:

Do not run "dumpbin" or "link" on untrusted PE files, or on PE files that arrive unexpectedly from trusted sources.

Links:

CVE(s):

None