Microchip MPLAB IDE Buffer Overflow Vulnerability

1. General Information

MPLAB IDE is a famous Integrated Development Environment (IDE) of 
Microchip (www.microchip.com) that provides a single integrated 
environment to develop applications for Microchip microcontrollers and 
digital signal controllers.

In March 2009, Bkis has just detected a vulnerability in this software. 
This vulnerability arises from the way MPLAB IDE processes IDE Project 
files with extension of .mcp. It could lead to a critical buffer 
overflow error that allows hackers to execute malicious code on users=92 
systems. We have submitted to vendor.

Details : http://security.bkis.vn/?p=654 
Bkis Advisory : Bkis-08-2009.
Initial vendor notification : 15/03/2009
Release Date : 11/05/2009
Update Date : 11/05/2009
Discovered by : Le Duc Anh, Bkis.
Attack Type : Buffer Overflow.
Security Rating : High.
Impact : Code Execution.
Affected Software : Microchip MPLAB IDE 8.30 (Prior versions may also be 
affected).
PoC : http://security.bkis.vn/wp-content/uploads/2009/05/mplap_ide_poc.zip 


2. Technical Description

MCP files are used to store essential information about a MPLAB IDE 
Project (in plain text). The software has not handled the file format 
well enough resulting in a critical security issue. Many fields in this 
file format might create buffer overflow error when set with an overly 
long value such as: [FILE_INFO], [CAT_FILTERS] =85.

In order to exploit, a hacker might create a specially crafted .mcp file 
and trick users into using it. If successful, hackers can perform local 
attack, inject viruses, steal sensitive information and even take 
control of the victim=92s system.

3. Solution

The vendor hasn=92t fixed this vulnerability yet. Therefore, Bkis 
recommends that users be cautious with MPLAB IDE Project source from 
untrustworthy sources until the vendor release the patch.

Bkis (http://security.bkis.vn)