Microsoft Visual Studio exploit risk (Updated)
Security services providers are reporting that a security vulnerability in a Visual Studio component is being exploited to compromise Windows systems on which Microsoft's Visual Studio is installed.
The culprit is, once again, an ActiveX control – Msmask32.ocx – designated by the vendor as 'safe for initialisation'. In Internet Explorer, this allows any website to call the "masked edit control" and control it remotely using JavaScript. This can trigger an internal buffer overflow, which can be exploited to inject and execute code – allowing, for example, installation of a backdoor on a user's system. (UPDATE: The vulnerability was reported for Visual Studio 6.0 with Msmask32.ocx version 6.0.81.69 and is fixed with Msmask.ocx 6.0.84.18, installed with later service packs).
A similar problem was discovered in Database Designer last year. To what extent additional security functions in Internet Explorer 7 or Windows Vista prevent or restrict this is not currently clear. French security services provider FrSIRT classes the problem as critical and is advising administrators to deactivate the ActiveX control by setting the kill bit, CLSID {C932BA85-4374-101B-A56C-00AA003668DC}. This can either be performed manually, as described by Microsoft, or rather more simply using the AxBan tool.
See also:
- Microsoft Visual Studio Masked Edit Control "Mask" Buffer Overflow, security advisory from Secunia
- Microsoft Visual Studio "Msmask32" Code Execution Vulnerability, security advisory from FrSIRT
(djwm)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
