Visual Studio - New unpatched buffer overflow vulnerability
It's rated as "low risk" as it requires user action plus it's probably unlikely to become a target for in-the-wild exploitation.
Microsoft Visual Studio ".rc" File Handling Buffer Overflow
QUOTE: porkythepig has reported a vulnerability in Microsoft Visual Studio, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling of ".rc" files that contain an overly long string after the "1 TYPELIB MOVEABLE PURE " text. This can be exploited to cause a stack-based buffer overflow and allows arbitrary code execution when a malicious ".rc" file is opened.
Successful exploitation requires that a user click on the "Ok" button or closes the message box when the "file not found" message box appears.
Affected Products: Microsoft Visual Studio 6 SP6 and prior
Solution: FrSIRT is not aware of any official supplied patch for this issue.