A vulnerability found in Microsoft’s Visual Studio can allow
code execution. Well, the catch is even the “source code” of a
project can have hidden executable codes in them. An exploit from a
Security Group called Priestmasters proves this claim. More details
found in Securiteam web page.
I tested the proof of concept from Priestmasters on Microsoft
Visual C# 2005 Express Edition Beta and it worked.
“If a user click on the solution file
(vbexploit.sln) and the form1.cs is shown, VS launch the code
inside UserControl1_Load function. Place your backdoor into this
function (You can use the whole WIN-API and .NET framework to code
your back door). The default behavior for the example file is show
a Message Box and launch calc.exe.”
Now upon double clicking the said solution file, a message box
was displayed as shown below. (click on image to enlarge)
Clicking on “OK” button launches “calc.exe”. (Click on image to
enlarge)
There are many options an attacker can choose from when he
exploits the said vulnerability. The attacker may install a
backdoor, spyware, or even a worm in the affected machine. Yet,
there are no known security patch available to address the said
vulnerability so users are advised not to trust unsolicited or
unexpected source files of Visual Studio from unknown and known
contacts. If the source files were downloaded from the Internet, it
is recommend to test or open them first on test machines not
connected into your network to avoid any circumstances of a malware
oubreak in your network.