
Microsoft Source Code Analyzer for SQL Injection 1.3 Improper Permissions

Medium
Advisory ID: ZSL-2011-5003
Release Date: 16 March 2011
Vendor: Microsoft Corporation - http://www.microsoft.com
Affected Version: 1.3.30601.30705
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (EN)
Summary

Microsoft Source Code Analyzer for SQL Injection is a static code analysis tool for finding SQL Injection vulnerabilities in ASP code. Customers can run the tool on their ASP source code to help identify code paths that are vulnerable to SQL Injection attacks.

Description

The package suffers from an elevation of privileges vulnerability: an ordinary user can replace the executable file with a binary of their choice. The vulnerability exists due to improper permissions, with the "C" flag (Change (write)) set for the "Everyone" group on the binary file msscasi_asp.exe and on the package itself, msscasi_asp_pkg.exe.
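
An audit check for the condition described above, added here as an example and not taken from the advisory or the vendor: it parses the output of the Windows `cacls` tool for one file and reports entries that give a broad group a write-capable right (W, C or F). The path `C:\EXAMPLE\...`, the list of broad principals and the sample output are constructed assumptions.

```python
import re

# cacls right letters: N none, R read, W write, C change (write), F full control
WRITE_RIGHTS = {"W", "C", "F"}
# Principals that every local user falls under (assumed list; extend as needed)
BROAD_PRINCIPALS = {"everyone", "builtin\\users",
                    "nt authority\\authenticated users"}

# "<principal>:[(OI)(CI)...]<right>", e.g. "Everyone:C" or "BUILTIN\Users:(OI)(CI)F"
ACE_RE = re.compile(
    r"^(?P<who>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<right>[NRWCF])$")


def parse_cacls(path, output):
    """Parse the output of `cacls <path>` into (principal, flags, right) tuples."""
    aces = []
    for i, line in enumerate(output.splitlines()):
        # Only the first line is prefixed with the path that was queried.
        if i == 0 and line.lower().startswith(path.lower()):
            line = line[len(path):]
        m = ACE_RE.match(line.strip())
        if m:  # blank lines and "special access" entries are not evaluated
            flags = re.findall(r"\(([A-Z]+)\)", m["flags"])
            aces.append((m["who"], flags, m["right"]))
    return aces


def risky_aces(path, output):
    """Return (principal, right) pairs that let a broad group modify the file."""
    return [(who, right)
            for who, _flags, right in parse_cacls(path, output)
            if who.lower() in BROAD_PRINCIPALS and right in WRITE_RIGHTS]


# Constructed sample: placeholder path, ACL shaped like the one the advisory describes.
SAMPLE_PATH = r"C:\EXAMPLE\msscasi_asp.exe"
SAMPLE_OUTPUT = (
    "C:\\EXAMPLE\\msscasi_asp.exe Everyone:C\n"
    "                           BUILTIN\\Administrators:F\n"
    "                           NT AUTHORITY\\SYSTEM:F\n"
    "                           BUILTIN\\Users:R\n"
)

if __name__ == "__main__":
    for who, right in risky_aces(SAMPLE_PATH, SAMPLE_OUTPUT):
        print(f"{SAMPLE_PATH}: {who} holds '{right}' (write-capable)")
```

An empty result for both msscasi_asp.exe and msscasi_asp_pkg.exe means no broad group can overwrite them through a simple W, C or F entry.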

Proof of Concept
Disclosure Timeline
12.03.2011 - Vendor is informed about the issue.
14.03.2011 - Vendor decides not to track the issue stating that it is not a security issue and that the tool is in its BETA stage.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.03.2011 - Initial release
17.03.2011 - Added reference [4] and [5]
22.03.2011 - Added reference [6] and [7]