CVE-2006-1043

Microsoft Visual Studio and Visual InterDev - Stack-based Buffer Overflow via Long DataProject Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1043. PoCs published by Kozan.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in Microsoft Visual Studio 6.0 SP6 by crafting a malformed .dbp file. It includes shellcode to execute calc.exe and leverages a JMP ESP instruction from VSSLN.DLL to redirect execution flow.

Description

Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kozan · clocalwindows

https://www.exploit-db.com/exploits/1555

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow vulnerability in Microsoft Visual Studio 6.0 SP6 by crafting a malformed .dbp file. It includes shellcode to execute calc.exe and leverages a JMP ESP instruction from VSSLN.DLL to redirect execution flow.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Visual Studio 6.0 SP6

No auth needed

Prerequisites: Victim must open the malformed .dbp file in Microsoft Visual Studio 6.0 SP6

MITRE ATT&CK