Microsoft Visual Studio 2010 – Vsabv10dt.dll Malformed HTML Null Pointer Dereference Vulnerability

Author(s): Ivan Sanchez & Hernan Hegykozi
Contact Us: security@evilcode.com.ar
Versions: Microsoft Visual Studio 2010 / Vsabv10dt.dll
Date: 13/10/2011
Product: Microsoft Microsoft Visual Studio 2010/ VVsabv10dt.dll
Vendor: Notified
Internal Id: MSRC 11644

We have discovered that the product “Microsoft Visual Studio 2010 – Vsabv10dt.dll” presents a big hole regarding a Remote NULL Pointer Dereference , crashing the application when you run special  code .

Vendor Statement:

Microsoft Security Response Center has investigated this issue and it results being a NULL pointer dereference. Based on this, this issue can’t be exploited to execute arbitrary code and it results in a stability bug. This issue will be considered to be resolved in a future release of Microsoft.

Remediation:

Microsoft is working to solve this error  for next version of Internet Explorer to address this stability issue.

Leave a Reply