[Full-disclosure] [Bkis-08-2009] Microchip MPLAB IDE Buffer Overflow Vulnerability
- From: Bkis <svrt@xxxxxxxxxxx>
- Date: Mon, 11 May 2009 12:06:47 +0700
Microchip MPLAB IDE Buffer Overflow Vulnerability
1. General Information
MPLAB IDE is a famous Integrated Development Environment (IDE) of
Microchip (www.microchip.com) that provides a single integrated
environment to develop applications for Microchip microcontrollers and
digital signal controllers.
In March 2009, Bkis has just detected a vulnerability in this software.
This vulnerability arises from the way MPLAB IDE processes IDE Project
files with extension of .mcp. It could lead to a critical buffer
overflow error that allows hackers to execute malicious code on users’
systems. We have submitted to vendor.
Details : http://security.bkis.vn/?p=654
Bkis Advisory : Bkis-08-2009.
Initial vendor notification : 15/03/2009
Release Date : 11/05/2009
Update Date : 11/05/2009
Discovered by : Le Duc Anh, Bkis.
Attack Type : Buffer Overflow.
Security Rating : High.
Impact : Code Execution.
Affected Software : Microchip MPLAB IDE 8.30 (Prior versions may also be
PoC : http://security.bkis.vn/wp-content/uploads/2009/05/mplap_ide_poc.zip
2. Technical Description
MCP files are used to store essential information about a MPLAB IDE
Project (in plain text). The software has not handled the file format
well enough resulting in a critical security issue. Many fields in this
file format might create buffer overflow error when set with an overly
long value such as: [FILE_INFO], [CAT_FILTERS] ….
In order to exploit, a hacker might create a specially crafted .mcp file
and trick users into using it. If successful, hackers can perform local
attack, inject viruses, steal sensitive information and even take
control of the victim’s system.
The vendor hasn’t fixed this vulnerability yet. Therefore, Bkis
recommends that users be cautious with MPLAB IDE Project source from
untrustworthy sources until the vendor release the patch.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: Re: [Full-disclosure] Major Greek bank sites with SSL vulnerable to XSS and open redirects
- Next by Date: Re: [Full-disclosure] Major Greek bank sites with SSL vulnerable to XSS and open redirects
- Previous by thread: [Full-disclosure] Major Greek bank sites with SSL vulnerable to XSS and open redirects
- Next by thread: [Full-disclosure] [SECURITY] [DSA 1798-1] New pango1.0 packages fix arbitrary code execution