In association with heise online

18 August 2008, 11:56

Microsoft Visual Studio exploit risk (Updated)

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services providers are reporting that a security vulnerability in a Visual Studio component is being exploited to compromise Windows systems on which Microsoft's Visual Studio is installed.

The culprit is, once again, an ActiveX control – Msmask32.ocx – designated by the vendor as 'safe for initialisation'. In Internet Explorer, this allows any website to call the "masked edit control" and control it remotely using JavaScript. This can trigger an internal buffer overflow, which can be exploited to inject and execute code – allowing, for example, installation of a backdoor on a user's system. (UPDATE: The vulnerability was reported for Visual Studio 6.0 with Msmask32.ocx version and is fixed with Msmask.ocx, installed with later service packs).

A similar problem was discovered in Database Designer last year. To what extent additional security functions in Internet Explorer 7 or Windows Vista prevent or restrict this is not currently clear. French security services provider FrSIRT classes the problem as critical and is advising administrators to deactivate the ActiveX control by setting the kill bit, CLSID {C932BA85-4374-101B-A56C-00AA003668DC}. This can either be performed manually, as described by Microsoft, or rather more simply using the AxBan tool.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit