Visual Basic 6.0 version 8176 Print statement buffer overrun
Release date: 17-5-2004
Severity: Medium
Vendor: Microsoft
Systems affected: Windows 9x, Windows 2000, Windows XP, Windows 2003
Description: A buffer overrun exists in the Visual Basic design-time environment that may allow a user to elevate his privileges. This vulnerability may affect the Microsoft Office series and other Microsoft applications such as Internet Explorer.
Technical Description: Perform the following steps to crash Visual Basic:
1. Open Visual Basic and create a new project (project1)
2. Insert a textbox and a commandbutton
3. In the Command1_Click() event insert the following code: print text1.text
4. Compile and run your program
5. Insert about 170,000 characters in your textbox and press the commandbutton
At this point your program will generate an "Out of stack space" error message and will crash. Try to compile and run it again and VB will crash. A second error message will be generated:
The instruction at "0x004a2e43" referenced memory at "0x00030274". The memory could not be "read".
004A2E29 sub ecx,eax
004A2E2B mov eax,esp
004A2E2D test dword ptr [ecx],eax
004A2E2F mov esp,ecx
004A2E31 mov ecx,dword ptr [eax]
004A2E33 mov eax,dword ptr [eax+4]
004A2E36 push eax
004A2E37 ret
004A2E38 sub ecx,1000h
004A2E3E sub eax,1000h
004A2E43 test dword ptr [ecx],eax
004A2E45 cmp eax,1000h
004A2E4A jae 004A2E38
004A2E4C jmp 004A2E29
004A2E4E push ebp
004A2E4F mov ebp,esp
004A2E51 sub esp,104h
004A2E57 mov ecx,dword ptr ds:[59F700h]
004A2E5D push esi
004A2E5E test ecx,ecx
004A2E60 je 004A2E7E
004A2E62 mov eax,[0059F710]
004A2E67 test eax,eax
004A2E69 je 004A2EB9
004A2E6B push dword ptr [ebp+14h]
004A2E6E push dword ptr [ebp+10h]
004A2E71 push dword ptr [ebp+0Ch]
004A2E74 push dword ptr [ebp+8]
004A2E77 call eax
004A2E79 pop esi
004A2E7A leave
Credit: dr_insane